Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.145 diff -u -p -u -p -r1.145 file.inc --- includes/file.inc 16 Nov 2008 19:41:14 -0000 1.145 +++ includes/file.inc 17 Nov 2008 23:41:21 -0000 @@ -165,7 +165,7 @@ function file_check_directory(&$director // Check if directory exists. if (!is_dir($directory)) { if (($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory)) { - @chmod($directory, 0775); // Necessary for non-webserver users. + @chmod($directory, variable_get('file_directory_writable', 0775)); // Necessary for non-webserver users. } else { if ($form_item) { @@ -180,7 +180,7 @@ function file_check_directory(&$director if (!is_writable($directory)) { // If not able to modify permissions, or if able to, but chmod // fails, return false. - if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, 0775))) { + if (!$mode || (($mode & FILE_MODIFY_PERMISSIONS) && !@chmod($directory, variable_get('file_directory_writable', 0775)))) { if ($form_item) { form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory))); watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR); @@ -193,7 +193,7 @@ function file_check_directory(&$director $htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks"; if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); - chmod($directory . '/.htaccess', 0664); + chmod($directory . '/.htaccess', variable_get('file_file_writable', 0664)); } else { $variables = array('%directory' => $directory, '!htaccess' => '
' . nl2br(check_plain($htaccess_lines))); @@ -466,11 +466,10 @@ function file_unmanaged_copy($source, $d return FALSE; } - // Give everyone read access so that FTP'd users or - // non-webserver users can see/read these files, - // and give group write permissions so group members - // can alter files uploaded by the webserver. - @chmod($destination, 0664); + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($destination, variable_get('file_file_writable', 0664)); return $destination; } @@ -897,6 +896,11 @@ function file_save_upload($source, $vali return FALSE; } + // By default, give everyone read access so that FTP'd users or + // non-webserver users can see/read these files, and give group write + // permissions so group members can alter files uploaded by the webserver. + @chmod($file->filepath, variable_get('file_file_writable', 0664)); + // If we made it this far it's safe to record this file in the database. if ($file = file_save($file)) { // Add file to the cache. Index: modules/color/color.module =================================================================== RCS file: /cvs/drupal/drupal/modules/color/color.module,v retrieving revision 1.50 diff -u -p -u -p -r1.50 color.module --- modules/color/color.module 10 Nov 2008 05:22:59 -0000 1.50 +++ modules/color/color.module 17 Nov 2008 23:41:21 -0000 @@ -439,7 +439,7 @@ function _color_save_stylesheet($file, $ $paths['files'][] = $filepath; // Set standard file permissions for webserver-generated files. - @chmod($file, 0664); + @chmod($file, variable_get('file_file_writable', 0664)); } /** @@ -497,7 +497,7 @@ function _color_render_images($theme, &$ $paths['files'][] = $image; // Set standard file permissions for webserver-generated files - @chmod(realpath($image), 0664); + @chmod($image, variable_get('file_file_writable', 0664)); // Build before/after map of image paths. $paths['map'][$file] = $base; Index: modules/simpletest/tests/file.test =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/file.test,v retrieving revision 1.12 diff -u -p -u -p -r1.12 file.test --- modules/simpletest/tests/file.test 16 Nov 2008 19:41:14 -0000 1.12 +++ modules/simpletest/tests/file.test 17 Nov 2008 23:41:21 -0000 @@ -44,6 +44,30 @@ class FileTestCase extends DrupalWebTest } /** + * Helper function to test the permissions of a directory. + * + * @param $directory + * String directory path. + * @param $expected_mode + * Octal integer like 0664 or 0777. + * @param $message + * Optional message. + */ + function assertDirectoryPermissions($directory, $expected_mode, $message = NULL) { + // Mask out all but the last three octets. + $actual_mode = fileperms($directory) & 511; + if (is_null($message)) { + if ($actual_mode == $expected_mode) { + $message = t('Directory permissions set correctly.'); + } + else { + $message = t('Expected directory permission to be %expected, actually were %actual.', array('%actual' => decoct($actual_mode), '%expected' => decoct($expected_mode))); + } + } + $this->assertEqual($actual_mode, $expected_mode, $message); + } + + /** * Create a directory and assert it exists. * * @param $path @@ -330,7 +354,10 @@ class FileUnmanagedSaveDataTest extends $this->assertEqual(file_directory_path(), dirname($filepath), t("File was placed in Drupal's files directory.")); $this->assertEqual('asdf.txt', basename($filepath), t('File was named correctly.')); $this->assertEqual($contents, file_get_contents(realpath($filepath)), t('Contents of the file are correct.')); - $this->assertFilePermissions($filepath, 0664); + $this->assertFilePermissions($filepath, variable_get('file_file_writable', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($filepath), t('File is writeable.'), 'File'); } } @@ -422,7 +449,11 @@ class FileDirectoryTest extends FileTest // Test directory permission modification. $this->assertTrue(file_check_directory($directory, FILE_MODIFY_PERMISSIONS), t('No error reported when making directory writeable.'), 'File'); - // Verify directory actually is writeable. + // Test directory permission modification actually set correct permissions. + $this->assertDirectoryPermissions($directory, variable_get('file_directory_writable', 0775)); + + // Verify directory actually is readable and writeable by PHP. + $this->assertTrue(is_readable($directory), t('Directory is readable.'), 'File'); $this->assertTrue(is_writeable($directory), t('Directory is writeable.'), 'File'); // Remove .htaccess file to then test that it gets re-created. @@ -651,7 +682,10 @@ class FileUnmanagedMoveTest extends File $this->assertEqual($new_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($new_filepath), t('File exists at the new location.')); $this->assertFalse(file_exists($file->filepath), t('No file remains at the old location.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_file_writable', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // Moving with rename. $desired_filepath = file_directory_path() . '/' . $this->randomName(); @@ -662,7 +696,10 @@ class FileUnmanagedMoveTest extends File $this->assertNotEqual($newer_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($newer_filepath), t('File exists at the new location.')); $this->assertFalse(file_exists($new_filepath), t('No file remains at the old location.')); - $this->assertFilePermissions($newer_filepath, 0664); + $this->assertFilePermissions($newer_filepath, variable_get('file_file_writable', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($newer_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($newer_filepath), t('File is writeable.'), 'File'); // TODO: test moving to a directory (rather than full directory/file path) } @@ -726,7 +763,10 @@ class FileUnmanagedCopyTest extends File $this->assertEqual($new_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($file->filepath), t('Original file remains.')); $this->assertTrue(file_exists($new_filepath), t('New file exists.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_file_writable', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // Copying with rename. $desired_filepath = file_directory_path() . '/' . $this->randomName(); @@ -736,7 +776,10 @@ class FileUnmanagedCopyTest extends File $this->assertNotEqual($newer_filepath, $desired_filepath, t('Returned expected filepath.')); $this->assertTrue(file_exists($file->filepath), t('Original file remains.')); $this->assertTrue(file_exists($new_filepath), t('New file exists.')); - $this->assertFilePermissions($new_filepath, 0664); + $this->assertFilePermissions($new_filepath, variable_get('file_file_writable', 0664)); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($new_filepath), t('File is readable.'), 'File'); + $this->assertTrue(is_writeable($new_filepath), t('File is writeable.'), 'File'); // TODO: test copying to a directory (rather than full directory/file path) } Index: modules/upload/upload.test =================================================================== RCS file: /cvs/drupal/drupal/modules/upload/upload.test,v retrieving revision 1.7 diff -u -p -u -p -r1.7 upload.test --- modules/upload/upload.test 13 Oct 2008 12:43:30 -0000 1.7 +++ modules/upload/upload.test 17 Nov 2008 23:41:21 -0000 @@ -197,6 +197,9 @@ class UploadTestCase extends DrupalWebTe $this->drupalGet($base_url . '/' . file_directory_path() . '/' . $filename, array('external' => TRUE)); $this->assertResponse(array(200), 'Uploaded ' . $filename . ' is accessible.'); $this->assertEqual(file_get_contents($file), $this->drupalGetContent(), 'Uploaded contents of ' . $filename . ' verified.'); + // Verify file actually is readable and writeable by PHP. + $this->assertTrue(is_readable($file), t('Uploaded file is readable.')); + $this->assertTrue(is_writeable($file), t('Uploaded file is writeable.')); } /**