Skip to content
This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

access.ftp fails to check if files are writable #634

Closed
wants to merge 1 commit into from
Closed

access.ftp fails to check if files are writable #634

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 22 additions & 2 deletions core/src/plugins/access.ftp/class.ftpAccessDriver.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,16 +214,36 @@ public function uploadActions($action, $httpVars, $filesVars)

}

// Checks if a file belongs to currently logged in FTP user
private function isFileOwner($path)
{
$ftp = new ftpAccessWrapper();
$stat = $ftp->url_stat($path, 2);
$urlParts = AJXP_Utils::safeParseUrl($path);
$repository = ConfService::getRepositoryById($urlParts["host"]);
$credentials = AJXP_Safe::tryLoadingCredentialsFromSources($urlParts, $repository);
if (empty($credentials["user"]))
return is_writable($path);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we don't use the $stat value, so we should make sure to have this case return earlier in the function (before making an unecessary call to url_stat).

if ((string)$stat["uid"] == $credentials["user"])
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding your comments, this $stat["uid"] is in fact returning a numerical value or here it's can really be the user name?

return true;
}

public function isWriteable($path, $type="dir")
{
$parts = parse_url($path);
$dir = $parts["path"];
if ($type == "dir" && ($dir == "" || $dir == "/" || $dir == "\\")) { // ROOT, WE ARE NOT SURE TO BE ABLE TO READ THE PARENT
return true;
} else {
return is_writable($path);
$perms = substr(decoct(fileperms($path)), -3);
// World writable files
if (preg_match("/..[2367]$/", $perms))
return true;
// Files belonging to currently logged in FTP user that are writable by owner
if ((preg_match("/^[2367]/", $perms)) && ($this->isFileOwner($path)))
return true;
}

return false;
}

public function deldir($location)
Expand Down