From ec3639dc7a28348b136d2008e692cffe8c3753ad Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 4 Sep 2013 13:06:04 +0200 Subject: [PATCH] Always check variable type before using readdir to avoid surprises --- apps/files_external/lib/amazons3.php | 39 ++++++++++++++++------------ apps/files_external/lib/google.php | 12 +++++---- apps/files_external/lib/irods.php | 14 +++++----- apps/files_external/lib/smb.php | 12 +++++---- apps/files_trashbin/index.php | 31 +++++++++++----------- lib/app.php | 14 +++++----- lib/archive.php | 3 ++- lib/cache/file.php | 11 +++++--- lib/cache/fileglobal.php | 20 ++++++++------ lib/connector/sabre/objecttree.php | 8 +++--- lib/files/cache/scanner.php | 28 ++++++++++---------- lib/files/storage/common.php | 21 ++++++++------- lib/files/view.php | 8 +++--- lib/installer.php | 10 ++++--- 14 files changed, 133 insertions(+), 98 deletions(-) diff --git a/apps/files_external/lib/amazons3.php b/apps/files_external/lib/amazons3.php index 2d7bcd4ac37..c08a266b48c 100644 --- a/apps/files_external/lib/amazons3.php +++ b/apps/files_external/lib/amazons3.php @@ -183,17 +183,20 @@ class AmazonS3 extends \OC\Files\Storage\Common { } $dh = $this->opendir($path); - while (($file = readdir($dh)) !== false) { - if ($file === '.' || $file === '..') { - continue; - } - if ($this->is_dir($path . '/' . $file)) { - $this->rmdir($path . '/' . $file); - } else { - $this->unlink($path . '/' . $file); + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if ($file === '.' || $file === '..') { + continue; + } + + if ($this->is_dir($path . '/' . $file)) { + $this->rmdir($path . '/' . $file); + } else { + $this->unlink($path . '/' . $file); + } } - } + } try { $result = $this->connection->deleteObject(array( @@ -464,15 +467,17 @@ class AmazonS3 extends \OC\Files\Storage\Common { } $dh = $this->opendir($path1); - while (($file = readdir($dh)) !== false) { - if ($file === '.' || $file === '..') { - continue; + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if ($file === '.' || $file === '..') { + continue; + } + + $source = $path1 . '/' . $file; + $target = $path2 . '/' . $file; + $this->copy($source, $target); } - - $source = $path1 . '/' . $file; - $target = $path2 . '/' . $file; - $this->copy($source, $target); - } + } } return true; diff --git a/apps/files_external/lib/google.php b/apps/files_external/lib/google.php index 215bdcda6c2..b63b5885de1 100644 --- a/apps/files_external/lib/google.php +++ b/apps/files_external/lib/google.php @@ -206,14 +206,16 @@ class Google extends \OC\Files\Storage\Common { public function rmdir($path) { if (trim($path, '/') === '') { $dir = $this->opendir($path); - while (($file = readdir($dh)) !== false) { - if (!\OC\Files\Filesystem::isIgnoredDir($file)) { - if (!$this->unlink($path.'/'.$file)) { - return false; + if(is_resource($dir)) { + while (($file = readdir($dir)) !== false) { + if (!\OC\Files\Filesystem::isIgnoredDir($file)) { + if (!$this->unlink($path.'/'.$file)) { + return false; + } } } + closedir($dir); } - closedir($dir); $this->driveFiles = array(); return true; } else { diff --git a/apps/files_external/lib/irods.php b/apps/files_external/lib/irods.php index 7ec3b3a0cfc..f7279a6c5d2 100644 --- a/apps/files_external/lib/irods.php +++ b/apps/files_external/lib/irods.php @@ -55,7 +55,7 @@ class iRODS extends \OC\Files\Storage\StreamWrapper{ } else { throw new \Exception(); } - + } public static function login( $params ) { @@ -137,11 +137,13 @@ class iRODS extends \OC\Files\Storage\StreamWrapper{ private function collectionMTime($path) { $dh = $this->opendir($path); $lastCTime = $this->filemtime($path); - while (($file = readdir($dh)) !== false) { - if ($file != '.' and $file != '..') { - $time = $this->filemtime($file); - if ($time > $lastCTime) { - $lastCTime = $time; + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if ($file != '.' and $file != '..') { + $time = $this->filemtime($file); + if ($time > $lastCTime) { + $lastCTime = $time; + } } } } diff --git a/apps/files_external/lib/smb.php b/apps/files_external/lib/smb.php index 8e7a28fba1a..ecd4dae0484 100644 --- a/apps/files_external/lib/smb.php +++ b/apps/files_external/lib/smb.php @@ -99,11 +99,13 @@ class SMB extends \OC\Files\Storage\StreamWrapper{ private function shareMTime() { $dh=$this->opendir(''); $lastCtime=0; - while (($file = readdir($dh)) !== false) { - if ($file!='.' and $file!='..') { - $ctime=$this->filemtime($file); - if ($ctime>$lastCtime) { - $lastCtime=$ctime; + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if ($file!='.' and $file!='..') { + $ctime=$this->filemtime($file); + if ($ctime>$lastCtime) { + $lastCtime=$ctime; + } } } } diff --git a/apps/files_trashbin/index.php b/apps/files_trashbin/index.php index 0baeab1de97..0dd6944281c 100644 --- a/apps/files_trashbin/index.php +++ b/apps/files_trashbin/index.php @@ -23,23 +23,24 @@ if ($dir) { $dirlisting = true; $dirContent = $view->opendir($dir); $i = 0; - while(($entryName = readdir($dirContent)) !== false) { - if (!\OC\Files\Filesystem::isIgnoredDir($entryName)) { - $pos = strpos($dir.'/', '/', 1); - $tmp = substr($dir, 0, $pos); - $pos = strrpos($tmp, '.d'); - $timestamp = substr($tmp, $pos+2); - $result[] = array( - 'id' => $entryName, - 'timestamp' => $timestamp, - 'mime' => $view->getMimeType($dir.'/'.$entryName), - 'type' => $view->is_dir($dir.'/'.$entryName) ? 'dir' : 'file', - 'location' => $dir, - ); + if(is_resource($dirContent)) { + while(($entryName = readdir($dirContent)) !== false) { + if (!\OC\Files\Filesystem::isIgnoredDir($entryName)) { + $pos = strpos($dir.'/', '/', 1); + $tmp = substr($dir, 0, $pos); + $pos = strrpos($tmp, '.d'); + $timestamp = substr($tmp, $pos+2); + $result[] = array( + 'id' => $entryName, + 'timestamp' => $timestamp, + 'mime' => $view->getMimeType($dir.'/'.$entryName), + 'type' => $view->is_dir($dir.'/'.$entryName) ? 'dir' : 'file', + 'location' => $dir, + ); + } } + closedir($dirContent); } - closedir($dirContent); - } else { $dirlisting = false; $query = \OC_DB::prepare('SELECT `id`,`location`,`timestamp`,`type`,`mime` FROM `*PREFIX*files_trash` WHERE `user` = ?'); diff --git a/lib/app.php b/lib/app.php index 1a0a7e6f9a9..d98af2dc296 100644 --- a/lib/app.php +++ b/lib/app.php @@ -667,14 +667,16 @@ class OC_App{ } $dh = opendir( $apps_dir['path'] ); - while (($file = readdir($dh)) !== false) { + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { - if ($file[0] != '.' and is_file($apps_dir['path'].'/'.$file.'/appinfo/app.php')) { + if ($file[0] != '.' and is_file($apps_dir['path'].'/'.$file.'/appinfo/app.php')) { - $apps[] = $file; + $apps[] = $file; - } + } + } } } @@ -868,10 +870,10 @@ class OC_App{ /** - * Compares the app version with the owncloud version to see if the app + * Compares the app version with the owncloud version to see if the app * requires a newer version than the currently active one * @param array $owncloudVersions array with 3 entries: major minor bugfix - * @param string $appRequired the required version from the xml + * @param string $appRequired the required version from the xml * major.minor.bugfix * @return boolean true if compatible, otherwise false */ diff --git a/lib/archive.php b/lib/archive.php index 364cd5a74a1..85bfae57295 100644 --- a/lib/archive.php +++ b/lib/archive.php @@ -119,7 +119,8 @@ abstract class OC_Archive{ * @return bool */ function addRecursive($path, $source) { - if($dh=opendir($source)) { + $dh = opendir($source); + if(is_resource($dh)) { $this->addFolder($path); while (($file = readdir($dh)) !== false) { if($file=='.' or $file=='..') { diff --git a/lib/cache/file.php b/lib/cache/file.php index 9fee6034a71..361138e4736 100644 --- a/lib/cache/file.php +++ b/lib/cache/file.php @@ -80,9 +80,11 @@ class OC_Cache_File{ $storage = $this->getStorage(); if($storage and $storage->is_dir('/')) { $dh=$storage->opendir('/'); - while (($file = readdir($dh)) !== false) { - if($file!='.' and $file!='..' and ($prefix==='' || strpos($file, $prefix) === 0)) { - $storage->unlink('/'.$file); + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if($file!='.' and $file!='..' and ($prefix==='' || strpos($file, $prefix) === 0)) { + $storage->unlink('/'.$file); + } } } } @@ -94,6 +96,9 @@ class OC_Cache_File{ if($storage and $storage->is_dir('/')) { $now = time(); $dh=$storage->opendir('/'); + if(!is_resource($dh)) { + return null; + } while (($file = readdir($dh)) !== false) { if($file!='.' and $file!='..') { $mtime = $storage->filemtime('/'.$file); diff --git a/lib/cache/fileglobal.php b/lib/cache/fileglobal.php index 2fbd8ca3edb..c0bd8e45f39 100644 --- a/lib/cache/fileglobal.php +++ b/lib/cache/fileglobal.php @@ -69,9 +69,11 @@ class OC_Cache_FileGlobal{ $prefix = $this->fixKey($prefix); if($cache_dir and is_dir($cache_dir)) { $dh=opendir($cache_dir); - while (($file = readdir($dh)) !== false) { - if($file!='.' and $file!='..' and ($prefix==='' || strpos($file, $prefix) === 0)) { - unlink($cache_dir.$file); + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if($file!='.' and $file!='..' and ($prefix==='' || strpos($file, $prefix) === 0)) { + unlink($cache_dir.$file); + } } } } @@ -88,11 +90,13 @@ class OC_Cache_FileGlobal{ $cache_dir = self::getCacheDir(); if($cache_dir and is_dir($cache_dir)) { $dh=opendir($cache_dir); - while (($file = readdir($dh)) !== false) { - if($file!='.' and $file!='..') { - $mtime = filemtime($cache_dir.$file); - if ($mtime < $now) { - unlink($cache_dir.$file); + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if($file!='.' and $file!='..') { + $mtime = filemtime($cache_dir.$file); + if ($mtime < $now) { + unlink($cache_dir.$file); + } } } } diff --git a/lib/connector/sabre/objecttree.php b/lib/connector/sabre/objecttree.php index b298813a202..acff45ed5e2 100644 --- a/lib/connector/sabre/objecttree.php +++ b/lib/connector/sabre/objecttree.php @@ -88,11 +88,13 @@ class ObjectTree extends \Sabre_DAV_ObjectTree { } else { Filesystem::mkdir($destination); $dh = Filesystem::opendir($source); - while (($subnode = readdir($dh)) !== false) { + if(is_resource($dh)) { + while (($subnode = readdir($dh)) !== false) { - if ($subnode == '.' || $subnode == '..') continue; - $this->copy($source . '/' . $subnode, $destination . '/' . $subnode); + if ($subnode == '.' || $subnode == '..') continue; + $this->copy($source . '/' . $subnode, $destination . '/' . $subnode); + } } } diff --git a/lib/files/cache/scanner.php b/lib/files/cache/scanner.php index 87fa7c1365a..9d180820e9d 100644 --- a/lib/files/cache/scanner.php +++ b/lib/files/cache/scanner.php @@ -159,20 +159,22 @@ class Scanner extends BasicEmitter { $newChildren = array(); if ($this->storage->is_dir($path) && ($dh = $this->storage->opendir($path))) { \OC_DB::beginTransaction(); - while (($file = readdir($dh)) !== false) { - $child = ($path) ? $path . '/' . $file : $file; - if (!Filesystem::isIgnoredDir($file)) { - $newChildren[] = $file; - $data = $this->scanFile($child, $reuse, true); - if ($data) { - if ($data['size'] === -1) { - if ($recursive === self::SCAN_RECURSIVE) { - $childQueue[] = $child; - } else { - $size = -1; + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + $child = ($path) ? $path . '/' . $file : $file; + if (!Filesystem::isIgnoredDir($file)) { + $newChildren[] = $file; + $data = $this->scanFile($child, $reuse, true); + if ($data) { + if ($data['size'] === -1) { + if ($recursive === self::SCAN_RECURSIVE) { + $childQueue[] = $child; + } else { + $size = -1; + } + } else if ($size !== -1) { + $size += $data['size']; } - } else if ($size !== -1) { - $size += $data['size']; } } } diff --git a/lib/files/storage/common.php b/lib/files/storage/common.php index 01560f34fde..a5b79f0e967 100644 --- a/lib/files/storage/common.php +++ b/lib/files/storage/common.php @@ -142,13 +142,15 @@ abstract class Common implements \OC\Files\Storage\Storage { return false; } else { $directoryHandle = $this->opendir($directory); - while (($contents = readdir($directoryHandle)) !== false) { - if (!\OC\Files\Filesystem::isIgnoredDir($contents)) { - $path = $directory . '/' . $contents; - if ($this->is_dir($path)) { - $this->deleteAll($path); - } else { - $this->unlink($path); + if(is_resource($directoryHandle)) { + while (($contents = readdir($directoryHandle)) !== false) { + if (!\OC\Files\Filesystem::isIgnoredDir($contents)) { + $path = $directory . '/' . $contents; + if ($this->is_dir($path)) { + $this->deleteAll($path); + } else { + $this->unlink($path); + } } } } @@ -224,7 +226,8 @@ abstract class Common implements \OC\Files\Storage\Storage { } private function addLocalFolder($path, $target) { - if ($dh = $this->opendir($path)) { + $dh = $this->opendir($path); + if(is_resource($dh)) { while (($file = readdir($dh)) !== false) { if ($file !== '.' and $file !== '..') { if ($this->is_dir($path . '/' . $file)) { @@ -242,7 +245,7 @@ abstract class Common implements \OC\Files\Storage\Storage { protected function searchInDir($query, $dir = '') { $files = array(); $dh = $this->opendir($dir); - if ($dh) { + if (is_resource($dh)) { while (($item = readdir($dh)) !== false) { if ($item == '.' || $item == '..') continue; if (strstr(strtolower($item), strtolower($query)) !== false) { diff --git a/lib/files/view.php b/lib/files/view.php index 8aee12bf6fe..14de92c2005 100644 --- a/lib/files/view.php +++ b/lib/files/view.php @@ -500,9 +500,11 @@ class View { } else { if ($this->is_dir($path1) && ($dh = $this->opendir($path1))) { $result = $this->mkdir($path2); - while (($file = readdir($dh)) !== false) { - if (!Filesystem::isIgnoredDir($file)) { - $result = $this->copy($path1 . '/' . $file, $path2 . '/' . $file); + if(is_resource($dh)) { + while (($file = readdir($dh)) !== false) { + if (!Filesystem::isIgnoredDir($file)) { + $result = $this->copy($path1 . '/' . $file, $path2 . '/' . $file); + } } } } else { diff --git a/lib/installer.php b/lib/installer.php index b9684eaeea0..607e6da7265 100644 --- a/lib/installer.php +++ b/lib/installer.php @@ -107,10 +107,12 @@ class OC_Installer{ if(!is_file($extractDir.'/appinfo/info.xml')) { //try to find it in a subdir $dh=opendir($extractDir); - while (($folder = readdir($dh)) !== false) { - if($folder[0]!='.' and is_dir($extractDir.'/'.$folder)) { - if(is_file($extractDir.'/'.$folder.'/appinfo/info.xml')) { - $extractDir.='/'.$folder; + if(is_resource($dh)) { + while (($folder = readdir($dh)) !== false) { + if($folder[0]!='.' and is_dir($extractDir.'/'.$folder)) { + if(is_file($extractDir.'/'.$folder.'/appinfo/info.xml')) { + $extractDir.='/'.$folder; + } } } } -- 2.39.5