Skip to content

Commit

Permalink
Merge pull request #46 from ashnazg/mkdir-perms
Browse files Browse the repository at this point in the history 
use 775 default for mkdirs, to avoid world-write
  • Loading branch information
@mcdruid
mcdruid authored Jan 29, 2024
2 parents abc967f + 30f5bf7 commit 32ef9ea
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Archive/Tar.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2115,7 +2115,7 @@ public function _extractList(
if ($v_extract_file) {
if ($v_header['typeflag'] == "5") {
if (!@file_exists($v_header['filename'])) {
if (!@mkdir($v_header['filename'], 0777)) {
if (!@mkdir($v_header['filename'], 0775)) {
$this->_error(
'Unable to create directory {'
. $v_header['filename'] . '}'
Expand Down Expand Up @@ -2448,7 +2448,7 @@ public function _dirCheck($p_dir)
return false;
}

if (!@mkdir($p_dir, 0777)) {
if (!@mkdir($p_dir, 0775)) {
$this->_error("Unable to create directory '$p_dir'");
return false;
}
Expand Down
22 changes: 22 additions & 0 deletions tests/dir_permissions.phpt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
--TEST--
test permissions of created dirs
--SKIPIF--
--FILE--
<?php
require_once dirname(__FILE__) . '/setup.php.inc';
umask('000'); // force default to 777 to confirm we create tighter
$tar = new Archive_Tar(dirname(__FILE__) . '/dir_permissions.tar');
$tar->extract('', true);
$phpunit->assertNoErrors('after');
echo substr(sprintf('%o', fileperms('dir_permissions')), -4), PHP_EOL;
echo 'tests done';
?>
--CLEAN--
<?php
unlink('dir_permissions/a.txt');
unlink('dir_permissions/b.txt');
rmdir('dir_permissions');
?>
--EXPECT--
0775
tests done
Binary file added tests/dir_permissions.tar
View file
Binary file not shown.

0 comments on commit 32ef9ea

Please sign in to comment.