Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.155 diff -u -p -r1.155 file.inc --- includes/file.inc 22 Jan 2009 12:46:05 -0000 1.155 +++ includes/file.inc 28 Jan 2009 21:40:41 -0000 @@ -157,7 +157,7 @@ function file_check_directory(&$director // Check if directory exists. if (!is_dir($directory)) { if (($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory)) { - @chmod($directory, 0775); // Necessary for non-webserver users. + @chmod($directory, variable_get('file_chmod_directory', 0775)); // Necessary for non-webserver users. } else { if ($form_item) { @@ -172,7 +172,7 @@ function file_check_directory(&$director if (!is_writable($directory)) { // If not able to modify permissions, or if able to, but chmod // fails, return false. - if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775))) { + if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, variable_get('file_chmod_directory', 0775)))) { if ($form_item) { form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory))); watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR); @@ -185,7 +185,7 @@ function file_check_directory(&$director $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks"; if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); - chmod($directory . '/.htaccess', 0664); + chmod($directory . '/.htaccess', variable_get('file_chmod_file', 0664)); } else { $variables = array('%directory' => $directory, '!htaccess' => '
' . nl2br(check_plain($htaccess_lines))); @@ -483,11 +483,10 @@ function file_unmanaged_copy($source, $d return FALSE; } - // Give everyone read access so that FTP'd users or - // non-webserver users can see/read these files, - // and give group write permissions so group members - // can alter files uploaded by the webserver. - @chmod($destination, 0664); + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($destination, variable_get('file_chmod_file', 0664)); return $destination; } @@ -957,6 +956,11 @@ function file_save_upload($source, $vali return FALSE; } + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($file->filepath, variable_get('file_chmod_file', 0664)); + // If we are replacing an existing file re-use its database record. if ($replace == FILE_EXISTS_REPLACE) { $existing_files = file_load_multiple(array(), array('filepath' => $file->filepath)); Index: modules/color/color.module =================================================================== RCS file: /cvs/drupal/drupal/modules/color/color.module,v retrieving revision 1.53 diff -u -p -r1.53 color.module --- modules/color/color.module 22 Jan 2009 03:11:52 -0000 1.53 +++ modules/color/color.module 28 Jan 2009 21:40:41 -0000 @@ -455,7 +455,7 @@ function _color_save_stylesheet($file, $ $paths['files'][] = $filepath; // Set standard file permissions for webserver-generated files. - @chmod($file, 0664); + @chmod($file, variable_get('file_chmod_file', 0664)); } /** @@ -513,7 +513,7 @@ function _color_render_images($theme, &$ $paths['files'][] = $image; // Set standard file permissions for webserver-generated files - @chmod(realpath($image), 0664); + @chmod($image, variable_get('file_chmod_file', 0664)); // Build before/after map of image paths. $paths['map'][$file] = $base; Index: modules/simpletest/tests/file.test =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file.test,v retrieving revision 1.21 diff -u -p -r1.21 file.test --- modules/simpletest/tests/file.test 20 Jan 2009 02:56:05 -0000 1.21 +++ modules/simpletest/tests/file.test 28 Jan 2009 21:40:42 -0000 @@ -89,6 +89,30 @@ class FileTestCase extends DrupalWebTest } /** + * Helper function to test the permissions of a directory. + * + * @param $directory + * String directory path. + * @param $expected_mode + * Octal integer like 0664 or 0777. + * @param $message + * Optional message. + */ + function assertDirectoryPermissions($directory, $expected_mode, $message = NULL) { + // Mask out all but the last three octets. + $actual_mode = fileperms($directory) & 511; + if (is_null($message)) { + if ($actual_mode == $expected_mode) { + $message = t('Directory permissions set correctly.'); + } + else { + $message = t('Expected directory permission to be %expected, actually were %actual.', array('%actual' => decoct($actual_mode), '%expected' => decoct($expected_mode))); + } + } + $this->assertEqual($actual_mode, $expected_mode, $message); + } + + /** * Create a directory and assert it exists. * * @param $path @@ -467,7 +491,10 @@ class FileUnmanagedSaveDataTest extends $this->assertEqual(file_directory_path(), dirname($filepath), t("File was placed in Drupal's files directory.")); $this->assertEqual('asdf.txt', basename($filepath), t('File was named correctly.')); $this->assertEqual($contents, file_get_contents(realpath($filepath)), t('Contents of the file are correct.')); - $this->assertFilePermissions($filepath, 0664); + $this->assertFilePermissions($filepath, variable_get('file_chmod_file', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($filepath), t('File is writeable.'), 'File'); } } @@ -655,7 +682,11 @@ class FileDirectoryTest extends FileTest // Test directory permission modification. $this->assertTrue(file_check_directory($directory, FILE_MODIFY_PERMISSIONS), t('No error reported when making directory writeable.'), 'File'); - // Verify directory actually is writeable. + // Test directory permission modification actually set correct permissions. + $this->assertDirectoryPermissions($directory, variable_get('file_chmod_directory', 0775)); + + // Verify directory actually is readable and writeable by PHP. + $this->assertTrue(is_readable($directory), t('Directory is readable.'), 'File'); $this->assertTrue(is_writeable($directory), t('Directory is writeable.'), 'File'); // Remove .htaccess file to then test that it gets re-created. @@ -875,7 +906,10 @@ class FileUnmanagedMoveTest extends File $this->assertEqual($new_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($new_filepath), t('File exists at the new location.')); $this->assertFalse(file_exists($file->filepath), t('No file remains at the old location.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_chmod_file', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // Moving with rename. $desired_filepath = file_directory_path() . '/' . $this->randomName(); @@ -886,7 +920,10 @@ class FileUnmanagedMoveTest extends File $this->assertNotEqual($newer_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($newer_filepath), t('File exists at the new location.')); $this->assertFalse(file_exists($new_filepath), t('No file remains at the old location.')); - $this->assertFilePermissions($newer_filepath, 0664); + $this->assertFilePermissions($newer_filepath, variable_get('file_chmod_file', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($newer_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($newer_filepath), t('File is writeable.'), 'File'); // TODO: test moving to a directory (rather than full directory/file path) } @@ -947,7 +984,10 @@ class FileUnmanagedCopyTest extends File $this->assertEqual($new_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($file->filepath), t('Original file remains.')); $this->assertTrue(file_exists($new_filepath), t('New file exists.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_chmod_file', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // Copying with rename. $desired_filepath = file_directory_path() . '/' . $this->randomName(); @@ -957,7 +997,10 @@ class FileUnmanagedCopyTest extends File $this->assertNotEqual($newer_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($file->filepath), t('Original file remains.')); $this->assertTrue(file_exists($new_filepath), t('New file exists.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_chmod_file', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // TODO: test copying to a directory (rather than full directory/file path) } Index: modules/upload/upload.test =================================================================== RCS file: /cvs/drupal/drupal/modules/upload/upload.test,v retrieving revision 1.12 diff -u -p -r1.12 upload.test --- modules/upload/upload.test 27 Jan 2009 00:22:27 -0000 1.12 +++ modules/upload/upload.test 28 Jan 2009 21:40:42 -0000 @@ -199,6 +199,9 @@ class UploadTestCase extends DrupalWebTe $this->drupalGet($base_url . '/' . file_directory_path() . '/' . $filename, array('external' => TRUE)); $this->assertResponse(array(200), 'Uploaded ' . $filename . ' is accessible.'); $this->assertEqual(file_get_contents($file), $this->drupalGetContent(), 'Uploaded contents of ' . $filename . ' verified.'); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($file), t('Uploaded file is readable.')); + $this->assertTrue(is_writeable($file), t('Uploaded file is writeable.')); } /**