summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorValerio Ponte <valerio.ponte@gmail.com>2013-03-20 22:37:02 +0100
committerValerio Ponte <valerio.ponte@gmail.com>2013-03-20 22:37:02 +0100
commit033c94d076e3340a4a472d1b3f61ade5f22009ea (patch)
tree442d34b7cdaf3c7394a5fd7d7e92adaa632abedc /lib
parentef6c6e77b13a0f2be7889f7a9b3906cf38ee0d76 (diff)
downloadnextcloud-server-033c94d076e3340a4a472d1b3f61ade5f22009ea.tar.gz
nextcloud-server-033c94d076e3340a4a472d1b3f61ade5f22009ea.zip
fixed xsendfile zip generation race condition
Diffstat (limited to 'lib')
-rw-r--r--lib/files.php18
-rw-r--r--lib/helper.php24
2 files changed, 22 insertions, 20 deletions
diff --git a/lib/files.php b/lib/files.php
index 04ba51d9d24..ab7fa1ed096 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -59,11 +59,7 @@ class OC_Files {
$executionTime = intval(ini_get('max_execution_time'));
set_time_limit(0);
$zip = new ZipArchive();
- if ($xsendfile) {
- $filename = OC_Helper::tmpFileNoClean('.zip');
- }else{
- $filename = OC_Helper::tmpFile('.zip');
- }
+ $filename = OC_Helper::tmpFile('.zip');
if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) {
exit("cannot open <$filename>\n");
}
@@ -78,6 +74,9 @@ class OC_Files {
}
}
$zip->close();
+ if ($xsendfile) {
+ $filename = OC_Helper::moveToNoClean($filename);
+ }
$basename = basename($dir);
if ($basename) {
$name = $basename . '.zip';
@@ -91,17 +90,16 @@ class OC_Files {
$executionTime = intval(ini_get('max_execution_time'));
set_time_limit(0);
$zip = new ZipArchive();
- if ($xsendfile) {
- $filename = OC_Helper::tmpFileNoClean('.zip');
- }else{
- $filename = OC_Helper::tmpFile('.zip');
- }
+ $filename = OC_Helper::tmpFile('.zip');
if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) {
exit("cannot open <$filename>\n");
}
$file = $dir . '/' . $files;
self::zipAddDir($file, $zip);
$zip->close();
+ if ($xsendfile) {
+ $filename = OC_Helper::moveToNoClean($filename);
+ }
$name = $files . '.zip';
set_time_limit($executionTime);
} else {
diff --git a/lib/helper.php b/lib/helper.php
index 73484ad913f..d178c3dc50b 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -541,13 +541,15 @@ class OC_Helper {
}
/**
- * create a temporary file with an unique filename. It will not be deleted
- * automatically
- * @param string $postfix
- * @return string
+ * move a file to oc-noclean temp dir
+ * @param string $filename
+ * @return mixed
*
*/
- public static function tmpFileNoClean($postfix='') {
+ public static function moveToNoClean($filename='') {
+ if ($filename == '') {
+ return false;
+ }
$tmpDirNoClean=get_temp_dir().'/oc-noclean/';
if (!file_exists($tmpDirNoClean) || !is_dir($tmpDirNoClean)) {
if (file_exists($tmpDirNoClean)) {
@@ -555,10 +557,12 @@ class OC_Helper {
}
mkdir($tmpDirNoClean);
}
- $file=$tmpDirNoClean.md5(time().rand()).$postfix;
- $fh=fopen($file, 'w');
- fclose($fh);
- return $file;
+ $newname=$tmpDirNoClean.basename($filename);
+ if (rename($filename, $newname)) {
+ return $newname;
+ } else {
+ return false;
+ }
}
/**
@@ -597,7 +601,7 @@ class OC_Helper {
}
/**
- * remove all files created by self::tmpFileNoClean
+ * remove all files in PHP /oc-noclean temp dir
*/
public static function cleanTmpNoClean() {
$tmpDirNoCleanFile=get_temp_dir().'/oc-noclean/';