Merge pull request #25280 from nextcloud/explicit-file-permissions

Set umask before operations that create local files

2 files changed, 50 insertions, 7 deletions

diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php
index c21364847e1..a29fc6c02de 100644
--- a/lib/private/Files/Storage/Local.php
+++ b/lib/private/Files/Storage/Local.php
@@ -87,8 +87,9 @@ class Local extends \OC\Files\Storage\Common {
 
 	public function mkdir($path) {
 		$sourcePath = $this->getSourcePath($path);
+		$oldMask = umask(022);
 		$result = @mkdir($sourcePath, 0777, true);
-		chmod($sourcePath, 0755);
+		umask($oldMask);
 		return $result;
 	}
 
@@ -258,11 +259,13 @@ class Local extends \OC\Files\Storage\Common {
 		if ($this->file_exists($path) and !$this->isUpdatable($path)) {
 			return false;
 		}
+		$oldMask = umask(022);
 		if (!is_null($mtime)) {
 			$result = @touch($this->getSourcePath($path), $mtime);
 		} else {
 			$result = @touch($this->getSourcePath($path));
 		}
+		umask($oldMask);
 		if ($result) {
 			clearstatcache(true, $this->getSourcePath($path));
 		}
@@ -275,7 +278,10 @@ class Local extends \OC\Files\Storage\Common {
 	}
 
 	public function file_put_contents($path, $data) {
-		return file_put_contents($this->getSourcePath($path), $data);
+		$oldMask = umask(022);
+		$result = file_put_contents($this->getSourcePath($path), $data);
+		umask($oldMask);
+		return $result;
 	}
 
 	public function unlink($path) {
@@ -345,12 +351,18 @@ class Local extends \OC\Files\Storage\Common {
 		if ($this->is_dir($path1)) {
 			return parent::copy($path1, $path2);
 		} else {
-			return copy($this->getSourcePath($path1), $this->getSourcePath($path2));
+			$oldMask = umask(022);
+			$result = copy($this->getSourcePath($path1), $this->getSourcePath($path2));
+			umask($oldMask);
+			return $result;
 		}
 	}
 
 	public function fopen($path, $mode) {
-		return fopen($this->getSourcePath($path), $mode);
+		$oldMask = umask(022);
+		$result = fopen($this->getSourcePath($path), $mode);
+		umask($oldMask);
+		return $result;
 	}
 
 	public function hash($type, $path, $raw = false) {
diff --git a/tests/lib/Files/Storage/LocalTest.php b/tests/lib/Files/Storage/LocalTest.php
index 46784811248..e324d2b28db 100644
--- a/tests/lib/Files/Storage/LocalTest.php
+++ b/tests/lib/Files/Storage/LocalTest.php
@@ -63,21 +63,21 @@ class LocalTest extends Storage {
 		$this->assertNotEquals($etag1, $etag2);
 	}
 
-	
+
 	public function testInvalidArgumentsEmptyArray() {
 		$this->expectException(\InvalidArgumentException::class);
 
 		new \OC\Files\Storage\Local([]);
 	}
 
-	
+
 	public function testInvalidArgumentsNoArray() {
 		$this->expectException(\InvalidArgumentException::class);
 
 		new \OC\Files\Storage\Local(null);
 	}
 
-	
+
 	public function testDisallowSymlinksOutsideDatadir() {
 		$this->expectException(\OCP\Files\ForbiddenException::class);
 
@@ -108,4 +108,35 @@ class LocalTest extends Storage {
 		$storage->file_put_contents('sym/foo', 'bar');
 		$this->addToAssertionCount(1);
 	}
+
+	public function testWriteUmaskFilePutContents() {
+		$oldMask = umask(0333);
+		$this->instance->file_put_contents('test.txt', 'sad');
+		umask($oldMask);
+		$this->assertTrue($this->instance->isUpdatable('test.txt'));
+	}
+
+	public function testWriteUmaskMkdir() {
+		$oldMask = umask(0333);
+		$this->instance->mkdir('test.txt');
+		umask($oldMask);
+		$this->assertTrue($this->instance->isUpdatable('test.txt'));
+	}
+
+	public function testWriteUmaskFopen() {
+		$oldMask = umask(0333);
+		$handle = $this->instance->fopen('test.txt', 'w');
+		fwrite($handle, 'foo');
+		fclose($handle);
+		umask($oldMask);
+		$this->assertTrue($this->instance->isUpdatable('test.txt'));
+	}
+
+	public function testWriteUmaskCopy() {
+		$this->instance->file_put_contents('source.txt', 'sad');
+		$oldMask = umask(0333);
+		$this->instance->copy('source.txt', 'test.txt');
+		umask($oldMask);
+		$this->assertTrue($this->instance->isUpdatable('test.txt'));
+	}
 }