From c771034deac193ea9518826a1bdf30de6cdd21d4 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 25 Jul 2012 12:03:15 -0400
Subject: [PATCH] Improved and hardened file handling in apache plugin.

---
 server/lib/classes/system.inc.php |   25 ++++++++++++++++++++-----
 1 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 8cebdc1..410a895 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -611,23 +611,30 @@
 	 *
 	 */
 	function chown($file, $owner, $allow_symlink = false){
+	  global $app;
 	  if($allow_symlink == false && $this->checkpath($file) == false) {
 		$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
 		return false;
 	  }
-	  return chown($file, $owner);
+	  if(file_exists($file)) {
+		return chown($file, $owner);
+	  }
 	}
 	
 	function chgrp($file, $group = '', $allow_symlink = false){
+	  global $app;
 	  if($allow_symlink == false && $this->checkpath($file) == false) {
 		$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
 		return false;
 	  }
-	  return chgrp($file, $group);
+	  if(file_exists($file)) {
+		return chgrp($file, $group);
+	  }
 	}
 	
 	//* Change the mode of a file
 	function chmod($file, $mode, $allow_symlink = false) {
+		global $app;
 		if($allow_symlink == false && $this->checkpath($file) == false) {
 			$app->log("Action aborted, file is a symlink: $file",LOGLEVEL_WARN);
 			return false;
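Review bot: In chown() and chgrp(), the new `if(file_exists(...))` block has no else branch, so a missing file makes the method fall off the end and return null, with nothing logged, where callers previously got false from the failed call. Return false explicitly, e.g. `return file_exists($file) ? chown($file, $owner) : false;`, and the same for chgrp(). The symlink check and the ownership change are also separate steps on a path name, so a link created between them is still followed by `chown()`/`chgrp()`. When `$allow_symlink` is false, `lchown()`/`lchgrp()` would change the link itself instead of its target. The chmod() body continues outside the hunk.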
@@ -636,15 +643,17 @@
 	}
 	
 	function file_put_contents($filename, $data, $allow_symlink = false) {
+		global $app;
 		if($allow_symlink == false && $this->checkpath($filename) == false) {
 			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
 			return false;
 		}
-		unlink($filename);
+		if(file_exists($filename)) unlink($filename);
 		return file_put_contents($filename, $data);
 	}
 	
 	function file_get_contents($filename, $allow_symlink = false) {
+		global $app;
 		if($allow_symlink == false && $this->checkpath($filename) == false) {
 			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
 			return false;
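Review bot: In file_put_contents(), `file_exists()` follows symlinks and returns false for a link whose target is missing, so the new guard skips `unlink()` for a dangling symlink and the write that follows goes through the link to its target; the old unconditional `unlink()` removed the link itself. This applies on the `$allow_symlink = true` path, and also whenever a link appears between checkpath() and the write. Test for the link as well: `if(file_exists($filename) || is_link($filename)) unlink($filename);`. The file_get_contents() body at the end of the hunk continues outside it.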
@@ -653,6 +662,7 @@
 	}
 	
 	function rename($filename, $new_filename, $allow_symlink = false) {
+		global $app;
 		if($allow_symlink == false && $this->checkpath($filename) == false) {
 			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
 			return false;
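Review bot: In rename(), the visible guard passes only `$filename` to checkpath(), so `$new_filename` is not checked and a symlinked directory component in the destination would not abort the move. Unless the lines outside the hunk already cover it, extend the condition: `if($allow_symlink == false && ($this->checkpath($filename) == false || $this->checkpath($new_filename) == false)) {`. The log message should then name whichever path failed. The rest of the method body is outside the hunk.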
@@ -661,6 +671,7 @@
 	}
 	
 	function mkdir($dirname, $allow_symlink = false) {
+		global $app;
 		if($allow_symlink == false && $this->checkpath($dirname) == false) {
 			$app->log("Action aborted, file is a symlink: $dirname",LOGLEVEL_WARN);
 			return false;
@@ -669,7 +680,9 @@
 	}
 	
 	function unlink($file) {
-		return unlink($file);
+		if(file_exists($filename)) {
+			return unlink($filename);
+		}
 	}
 	
 	function copy($file1,$file2) {
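Review bot: The new body of unlink() reads `$filename`, but the parameter is `$file`, so `file_exists()` is called on an undefined variable, the condition is always false and the wrapper never deletes anything. Use the parameter name in both places: `if(file_exists($file)) {` and `return unlink($file);`. As written the method also returns null instead of false when nothing is removed, and unlike its siblings it never calls checkpath(), so a symlinked parent directory is not detected here. `file_exists()` is false for a dangling symlink too, so `|| is_link($file)` is needed if such links should be removable.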
@@ -685,7 +698,7 @@
 		if(!preg_match('/[a-zA-Z0-9_\.\-]{1,}/',$path)) return false;
 		
 		//* Check path for symlinks
-		$path_parts = explode($path);
+		$path_parts = explode('/',$path);
 		$testpath = '';
 		foreach($path_parts as $p) {
 			$testpath .= '/'.$p;
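Review bot: With `explode('/',$path)` the loop now runs, but `$testpath .= '/'.$p` always builds an absolute path, so a relative `$path` such as `foo/bar` is tested as `/foo` and `/foo/bar` rather than the path that will actually be used. Either reject non-absolute input before the loop or resolve it against the working directory first. Separately, the `preg_match` on the first line of the hunk is unanchored, so it accepts any string containing one allowed character. If it is meant as a whitelist it needs `^…$` and `/` in the character class. The loop body continues outside the hunk.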
@@ -1203,6 +1216,7 @@
 	}
 	
 	function replaceLine($filename,$search_pattern,$new_line,$strict = 0,$append = 1) {
+		global $app;
 		if($this->checkpath($filename) == false) {
 			$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
 			return false;
@@ -1242,6 +1256,7 @@
 	}
 	
 	function removeLine($filename,$search_pattern,$strict = 0) {
+	global $app;
 	if($this->checkpath($filename) == false) {
 		$app->log("Action aborted, file is a symlink: $filename",LOGLEVEL_WARN);
 		return false;

--
Gitblit v1.9.1