Index: includes/file.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/file.inc,v
retrieving revision 1.121.2.1
diff -u -8 -p -r1.121.2.1 file.inc
--- includes/file.inc 7 Feb 2008 18:20:37 -0000 1.121.2.1
+++ includes/file.inc 16 Apr 2008 22:05:34 -0000
@@ -28,16 +28,37 @@ define('FILE_EXISTS_ERROR', 2);
*
* If you wish to add custom statuses for use by contrib modules please expand as
* binary flags and consider the first 8 bits reserved. (0,1,2,4,8,16,32,64,128)
*/
define('FILE_STATUS_TEMPORARY', 0);
define('FILE_STATUS_PERMANENT', 1);
/**
+ * Get absolute path of a file or directory.
+ *
+ * @param $path A string containing a path to a file or directory.
+ * @return A string containing the absolute path to the file/directory,
+ * or FALSE if file/directory does not exist.
+ */
+function file_realpath($path) {
+ if (preg_match('@^([\w.]+)://(.*)@', $path, $reg)) {
+ if (strncasecmp($path, 'file://', 7) == 0) {
+ $path = realpath(substr($path, 7));
+ return $path ? 'file://' . $path : $path;
+ } else{
+ // realpath not supported for other stream wrappers
+ return file_exists($path) ? $path : false;
+ }
+ } else {
+ return realpath($path);
+ }
+}
+
+/**
* Create the download path to a file.
*
* @param $path A string containing the path of the file to generate URL for.
* @return A string containing a URL that can be used to download the file.
*/
function file_create_url($path) {
// Strip file_directory_path from $path. We only include relative paths in urls.
if (strpos($path, file_directory_path() .'/') === 0) {
@@ -123,17 +144,17 @@ function file_check_directory(&$director
return FALSE;
}
}
if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
$htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
fclose($fp);
- chmod($directory .'/.htaccess', 0664);
+ @chmod($directory .'/.htaccess', 0664);
}
else {
$variables = array('%directory' => $directory, '!htaccess' => '
'. nl2br(check_plain($htaccess_lines)));
form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: !htaccess", $variables));
watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: !htaccess", $variables, WATCHDOG_ERROR);
}
}
@@ -174,25 +195,25 @@ function file_check_path(&$path) {
* file_check_location('/www/example.com/files/../../../etc/passwd', '/www/example.com/files');
* @endcode
*
* @param $source A string set to the file to check.
* @param $directory A string where the file should be located.
* @return 0 for invalid path or the real path of the source.
*/
function file_check_location($source, $directory = '') {
- $check = realpath($source);
+ $check = file_realpath($source);
if ($check) {
$source = $check;
}
else {
// This file does not yet exist
- $source = realpath(dirname($source)) .'/'. basename($source);
+ $source = file_realpath(dirname($source)) .'/'. basename($source);
}
- $directory = realpath($directory);
+ $directory = file_realpath($directory);
if ($directory && strpos($source, $directory) !== 0) {
return 0;
}
return $source;
}
/**
* Copies a file to a new location. This is a powerful function that in many ways
@@ -231,30 +252,30 @@ function file_copy(&$source, $dest = 0,
if (is_object($source)) {
$file = $source;
$source = $file->filepath;
if (!$basename) {
$basename = $file->filename;
}
}
- $source = realpath($source);
+ $source = file_realpath($source);
if (!file_exists($source)) {
drupal_set_message(t('The selected file %file could not be copied, because no file by that name exists. Please check that you supplied the correct filename.', array('%file' => $source)), 'error');
return 0;
}
// If the destination file is not specified then use the filename of the source file.
$basename = $basename ? $basename : basename($source);
$dest = $directory .'/'. $basename;
// Make sure source and destination filenames are not the same, makes no sense
// to copy it if they are. In fact copying the file will most likely result in
// a 0 byte file. Which is bad. Real bad.
- if ($source != realpath($dest)) {
+ if ($source != file_realpath($dest)) {
if (!$dest = file_destination($dest, $replace)) {
drupal_set_message(t('The selected file %file could not be copied, because a file by that name already exists in the destination.', array('%file' => $source)), 'error');
return FALSE;
}
if (!@copy($source, $dest)) {
drupal_set_message(t('The selected file %file could not be copied.', array('%file' => $source)), 'error');
return 0;
@@ -746,19 +767,17 @@ function file_validate_image_resolution(
* @param $replace Replace behavior when the destination file already exists.
* - FILE_EXISTS_REPLACE - Replace the existing file
* - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
* - FILE_EXISTS_ERROR - Do nothing and return FALSE.
*
* @return A string containing the resulting filename or 0 on error
*/
function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
- $temp = file_directory_temp();
- // On Windows, tempnam() requires an absolute path, so we use realpath().
- $file = tempnam(realpath($temp), 'file');
+ $file = file_directory_temp() .'/file_'. md5(getmypid() . microtime(true));
if (!$fp = fopen($file, 'wb')) {
drupal_set_message(t('The file could not be created.'), 'error');
return 0;
}
fwrite($fp, $data);
fclose($fp);
if (!file_move($file, $dest, $replace)) {