Merge pull request #11482 from annando/inherit-permissions

Inherit avatar cache file permissions
This commit is contained in:
Hypolite Petovan 2022-05-09 23:15:47 -04:00 committed by GitHub
commit d195d934be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -39,6 +39,8 @@ use Friendica\Util\Strings;
*/ */
class Avatar class Avatar
{ {
const BASE_PATH = '/avatar/';
/** /**
* Returns a field array with locally cached avatar pictures * Returns a field array with locally cached avatar pictures
* *
@ -105,22 +107,50 @@ class Avatar
return ''; return '';
} }
$path = '/avatar/' . $filename . $size . '.' . $image->getExt(); $path = self::BASE_PATH . $filename . $size . '.' . $image->getExt();
$filepath = DI::basePath() . $path; $filepath = DI::basePath() . $path;
$dirpath = dirname($filepath); $dirpath = DI::basePath() . self::BASE_PATH;
DI::profiler()->startRecording('file'); DI::profiler()->startRecording('file');
// Fetch the permission and group ownership of the "avatar" path and apply to all files
$dir_perm = fileperms($dirpath) & 0777;
$file_perm = fileperms($dirpath) & 0666;
$group = filegroup($dirpath);
// Check directory permissions of all parts of the path
foreach (explode('/', dirname($filename)) as $part) {
$dirpath .= $part . '/';
if (!file_exists($dirpath)) { if (!file_exists($dirpath)) {
mkdir($dirpath, 0775, true); if (!mkdir($dirpath, $dir_perm)) {
} else { Logger::warning('Directory could not be created', ['directory' => $dirpath]);
chmod($dirpath, 0775); }
} elseif (fileperms($dirpath) & 0777 != $dir_perm) {
if (!chmod($dirpath, $dir_perm)) {
Logger::info('Directory permissions could not be changed', ['directory' => $dirpath]);
}
} }
file_put_contents($filepath, $image->asString()); if (filegroup($dirpath) != $group) {
chmod($filepath, 0664); if (!chgrp($dirpath, $group)) {
Logger::info('Directory group could not be changed', ['directory' => $dirpath]);
}
}
}
if (!file_put_contents($filepath, $image->asString())) {
Logger::warning('File could not be created', ['file' => $filepath]);
}
if (!chmod($filepath, $file_perm)) {
Logger::warning('File permissions could not be changed', ['file' => $filepath]);
}
if (!chgrp($filepath, $group)) {
Logger::warning('File group could not be changed', ['file' => $filepath]);
}
DI::profiler()->stopRecording(); DI::profiler()->stopRecording();
@ -155,13 +185,13 @@ class Avatar
return ''; return '';
} }
$path = Strings::normaliseLink(DI::baseUrl() . '/avatar'); $path = Strings::normaliseLink(DI::baseUrl() . self::BASE_PATH);
if (Network::getUrlMatch($path, $avatar) != $path) { if (Network::getUrlMatch($path, $avatar) != $path) {
return ''; return '';
} }
$filename = str_replace($path, DI::basePath(). '/avatar/', Strings::normaliseLink($avatar)); $filename = str_replace($path, DI::basePath(). self::BASE_PATH, Strings::normaliseLink($avatar));
DI::profiler()->startRecording('file'); DI::profiler()->startRecording('file');
$exists = file_exists($filename); $exists = file_exists($filename);