Fix #2963
Changed all file permissions settings throught the framework
and the documentation.
Also added configuration settings for CI_Log and CI_Image_lib
diff --git a/application/config/config.php b/application/config/config.php
index b6b3c9f..e8d30b6 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -264,6 +264,18 @@
/*
|--------------------------------------------------------------------------
+| Log File Permissions
+|--------------------------------------------------------------------------
+|
+| The file system permissions to be applied on newly created log files.
+|
+| IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal
+| integer notation (i.e. 0700, 0644, etc.)
+*/
+$config['log_file_permissions'] = 0644;
+
+/*
+|--------------------------------------------------------------------------
| Date Format for Logs
|--------------------------------------------------------------------------
|
diff --git a/application/config/constants.php b/application/config/constants.php
index 239fd46..c19f044 100644
--- a/application/config/constants.php
+++ b/application/config/constants.php
@@ -42,7 +42,7 @@
define('FILE_READ_MODE', 0644);
define('FILE_WRITE_MODE', 0666);
define('DIR_READ_MODE', 0755);
-define('DIR_WRITE_MODE', 0777);
+define('DIR_WRITE_MODE', 0755);
/*
|--------------------------------------------------------------------------
diff --git a/system/core/Log.php b/system/core/Log.php
index a949c3f..57505b5 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -45,32 +45,39 @@
protected $_log_path;
/**
+ * File permissions
+ *
+ * @var int
+ */
+ protected $_file_permissions = 0644;
+
+ /**
* Level of logging
*
* @var int
*/
- protected $_threshold = 1;
+ protected $_threshold = 1;
/**
* Highest level of logging
*
* @var int
*/
- protected $_threshold_max = 0;
+ protected $_threshold_max = 0;
/**
* Array of threshold levels to log
*
* @var array
*/
- protected $_threshold_array = array();
+ protected $_threshold_array = array();
/**
* Format of timestamp for log files
*
* @var string
*/
- protected $_date_fmt = 'Y-m-d H:i:s';
+ protected $_date_fmt = 'Y-m-d H:i:s';
/**
* Filename extension
@@ -84,14 +91,14 @@
*
* @var bool
*/
- protected $_enabled = TRUE;
+ protected $_enabled = TRUE;
/**
* Predefined logging levels
*
* @var array
*/
- protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4);
+ protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4);
// --------------------------------------------------------------------
@@ -108,7 +115,7 @@
$this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '')
? ltrim($config['log_file_extension'], '.') : 'php';
- file_exists($this->_log_path) OR mkdir($this->_log_path, 0777, TRUE);
+ file_exists($this->_log_path) OR mkdir($this->_log_path, 0755, TRUE);
if ( ! is_dir($this->_log_path) OR ! is_really_writable($this->_log_path))
{
@@ -125,10 +132,15 @@
$this->_threshold_array = array_flip($config['log_threshold']);
}
- if ($config['log_date_format'] !== '')
+ if ( ! empty($config['log_date_format']))
{
$this->_date_fmt = $config['log_date_format'];
}
+
+ if (is_int($config['log_file_permissions']))
+ {
+ $this->_file_permissions = $config['log_file_permissions'];
+ }
}
// --------------------------------------------------------------------
@@ -192,7 +204,7 @@
if (isset($newfile) && $newfile === TRUE)
{
- @chmod($filepath, 0666);
+ chmod($filepath, $this->_file_permissions);
}
return is_int($result);
diff --git a/system/core/Output.php b/system/core/Output.php
index 238d223..de07125 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -606,7 +606,7 @@
if (is_int($result))
{
- @chmod($cache_path, 0666);
+ chmod($cache_path, 0640);
log_message('debug', 'Cache file written: '.$cache_path);
// Send HTTP cache-control headers to browser to match file cache settings.
diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php
index b855ff2..2efb42c 100644
--- a/system/database/DB_cache.php
+++ b/system/database/DB_cache.php
@@ -156,14 +156,9 @@
$dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/';
$filename = md5($sql);
- if ( ! is_dir($dir_path))
+ if ( ! is_dir($dir_path) && ! @mkdir($dir_path, 0750))
{
- if ( ! @mkdir($dir_path, 0777))
- {
- return FALSE;
- }
-
- @chmod($dir_path, 0777);
+ return FALSE;
}
if (write_file($dir_path.$filename, serialize($object)) === FALSE)
@@ -171,7 +166,7 @@
return FALSE;
}
- @chmod($dir_path.$filename, 0666);
+ chmod($dir_path.$filename, 0640);
return TRUE;
}
diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php
index aa2e8fa..2989804 100644
--- a/system/libraries/Cache/drivers/Cache_file.php
+++ b/system/libraries/Cache/drivers/Cache_file.php
@@ -92,7 +92,7 @@
if (write_file($this->_cache_path.$id, serialize($contents)))
{
- @chmod($this->_cache_path.$id, 0660);
+ chmod($this->_cache_path.$id, 0640);
return TRUE;
}
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php
index f1339b5..3975370 100644
--- a/system/libraries/Image_lib.php
+++ b/system/libraries/Image_lib.php
@@ -327,6 +327,13 @@
public $full_dst_path = '';
/**
+ * File permissions
+ *
+ * @var int
+ */
+ public $file_permissions = 0644;
+
+ /**
* Name of function to create image
*
* @var string
@@ -734,7 +741,7 @@
{
if ($this->source_image !== $this->new_image && @copy($this->full_src_path, $this->full_dst_path))
{
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
}
return TRUE;
@@ -810,8 +817,7 @@
imagedestroy($dst_img);
imagedestroy($src_img);
- // Set the file to 666
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
return TRUE;
}
@@ -880,8 +886,7 @@
return FALSE;
}
- // Set the file to 666
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
return TRUE;
}
@@ -969,7 +974,7 @@
// we have to rename the temp file.
copy($this->dest_folder.'netpbm.tmp', $this->full_dst_path);
unlink($this->dest_folder.'netpbm.tmp');
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
return TRUE;
}
@@ -1013,8 +1018,7 @@
imagedestroy($dst_img);
imagedestroy($src_img);
- // Set the file to 666
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
return TRUE;
}
@@ -1086,8 +1090,7 @@
// Kill the file handles
imagedestroy($src_img);
- // Set the file to 666
- @chmod($this->full_dst_path, 0666);
+ chmod($this->full_dst_path, $this->file_permissions);
return TRUE;
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 64a7689..bcee73a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -333,6 +333,7 @@
- If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified.
- Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library.
- Added support for maintaining transparency for PNG images in method ``text_watermark()``.
+ - Added a **file_permissions** setting.
- :doc:`Form Validation Library <libraries/form_validation>` changes include:
@@ -533,6 +534,11 @@
- Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available.
- Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public.
+ - Log Library changes include:
+
+ - Added a ``$config['log_file_permissions']`` setting.
+ - Changed the library constructor to try to create the **log_path** directory if it doesn't exist.
+
- Added `compatibility layers <general/compatibility_functions>` for:
- `Multibyte String <http://php.net/mbstring>`_ (limited support).
@@ -541,7 +547,6 @@
- `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``.
- Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions).
- - Log Library will now try to create the **log_path** directory if it doesn't exist.
- Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE).
- ``$config['time_reference']`` now supports all timezone strings supported by PHP.
- Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged.
diff --git a/user_guide_src/source/helpers/captcha_helper.rst b/user_guide_src/source/helpers/captcha_helper.rst
index d83490b..1b74d08 100644
--- a/user_guide_src/source/helpers/captcha_helper.rst
+++ b/user_guide_src/source/helpers/captcha_helper.rst
@@ -54,7 +54,7 @@
can draw randomly from.
- If you do not specify a path to a TRUE TYPE font, the native ugly GD
font will be used.
-- The "captcha" folder must be writable (666, or 777)
+- The "captcha" directory must be writable
- The **expiration** (in seconds) signifies how long an image will remain
in the captcha folder before it will be deleted. The default is two
hours.
diff --git a/user_guide_src/source/helpers/file_helper.rst b/user_guide_src/source/helpers/file_helper.rst
index 59cabcc..013b583 100644
--- a/user_guide_src/source/helpers/file_helper.rst
+++ b/user_guide_src/source/helpers/file_helper.rst
@@ -80,8 +80,8 @@
for mode options.
.. note: In order for this function to write data to a file, its permissions must
- be set such that it is writable (666, 777, etc.). If the file does not
- already exist, the directory containing it must be writable.
+ be set such that it is writable. If the file does not already exist,
+ then the directory containing it must be writable.
.. note:: The path is relative to your main site index.php file, NOT your
controller or view files. CodeIgniter uses a front controller so paths
diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst
index dd94404..4be1a6e 100644
--- a/user_guide_src/source/libraries/ftp.rst
+++ b/user_guide_src/source/libraries/ftp.rst
@@ -270,7 +270,7 @@
::
// Creates a folder named "bar"
- $this->ftp->mkdir('/public_html/foo/bar/', DIR_WRITE_MODE);
+ $this->ftp->mkdir('/public_html/foo/bar/', 0755);
.. method:: chmod($path, $perm)
@@ -282,8 +282,8 @@
Permits you to set file permissions. Supply the path to the file or
directory you wish to alter permissions on::
- // Chmod "bar" to 777
- $this->ftp->chmod('/public_html/foo/bar/', DIR_WRITE_MODE);
+ // Chmod "bar" to 755
+ $this->ftp->chmod('/public_html/foo/bar/', 0755);
.. method:: changedir($path[, $suppress_debug = FALSE])
diff --git a/user_guide_src/source/libraries/image_lib.rst b/user_guide_src/source/libraries/image_lib.rst
index 16acf09..a52cf3e 100644
--- a/user_guide_src/source/libraries/image_lib.rst
+++ b/user_guide_src/source/libraries/image_lib.rst
@@ -137,6 +137,8 @@
image can be shown at a time, and it can't be positioned on the page. It
simply outputs the raw image dynamically to your browser, along with
image headers.
+**file_permissions** 0644 (integer) File system permissions to apply on the resulting image file, R, C, X, W
+ writing it to the disk. WARNING: Use octal integer notation!
**quality** 90% 1 - 100% Sets the quality of the image. The higher the quality the larger the R, C, X, W
file size.
**new_image** None None Sets the destination image name/path. You'll use this preference when R, C, X, W
diff --git a/user_guide_src/source/libraries/zip.rst b/user_guide_src/source/libraries/zip.rst
index 5ff7d07..4ca1408 100644
--- a/user_guide_src/source/libraries/zip.rst
+++ b/user_guide_src/source/libraries/zip.rst
@@ -173,7 +173,7 @@
:rtype: bool
Writes the Zip-encoded file to a directory on your server. Submit a valid server path ending in the file name.
- Make sure the directory is writable (660 or 666 is usually OK). Example::
+ Make sure the directory is writable (755 is usually OK). Example::
$this->zip->archive('/path/to/folder/myarchive.zip'); // Creates a file named myarchive.zip