Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.140 diff -u -u -p -r1.140 file.inc --- includes/file.inc 19 Oct 2008 20:18:58 -0000 1.140 +++ includes/file.inc 2 Nov 2008 01:30:52 -0000 @@ -165,7 +165,7 @@ function file_check_directory(&$director // Check if directory exists. if (!is_dir($directory)) { if (($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory)) { - @chmod($directory, 0775); // Necessary for non-webserver users. + @chmod($directory, variable_get('file_directory_writable', 0775)); // Necessary for non-webserver users. } else { if ($form_item) { @@ -180,7 +180,7 @@ function file_check_directory(&$director if (!is_writable($directory)) { // If not able to modify permissions, or if able to, but chmod // fails, return false. - if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775))) { + if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, variable_get('file_directory_writable', 0775)))) { if ($form_item) { form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory))); watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR); @@ -193,7 +193,7 @@ function file_check_directory(&$director $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks"; if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); - chmod($directory . '/.htaccess', 0664); + chmod($directory . '/.htaccess', variable_get('file_file_writable', 0664)); } else { $variables = array('%directory' => $directory, '!htaccess' => '
' . nl2br(check_plain($htaccess_lines))); @@ -466,11 +466,10 @@ function file_unmanaged_copy($source, $d return FALSE; } - // Give everyone read access so that FTP'd users or - // non-webserver users can see/read these files, - // and give group write permissions so group members - // can alter files uploaded by the webserver. - @chmod($destination, 0664); + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($destination, variable_get('file_file_writable', 0664)); return $destination; } @@ -897,6 +896,11 @@ function file_save_upload($source, $vali return FALSE; } + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($file->filepath, variable_get('file_file_writable', 0664)); + // If we made it this far it's safe to record this file in the database. if ($file = file_save($file)) { // Add file to the cache. Index: modules/color/color.module =================================================================== RCS file: /cvs/drupal/drupal/modules/color/color.module,v retrieving revision 1.49 diff -u -u -p -r1.49 color.module --- modules/color/color.module 26 Oct 2008 18:06:38 -0000 1.49 +++ modules/color/color.module 2 Nov 2008 01:30:53 -0000 @@ -439,7 +439,7 @@ function _color_save_stylesheet($file, $ $paths['files'][] = $filepath; // Set standard file permissions for webserver-generated files. - @chmod($file, 0664); + @chmod($file, variable_get('file_file_writable', 0664)); } /** @@ -497,7 +497,7 @@ function _color_render_images($theme, &$ $paths['files'][] = $image; // Set standard file permissions for webserver-generated files - @chmod(realpath($image), 0664); + @chmod(realpath($image), variable_get('file_file_writable', 0664)); // Build before/after map of image paths. $paths['map'][$file] = $base;