From: Jim J. <ji...@us...> - 2006-07-07 15:37:12
|
Update of /cvsroot/telaen/telaen/inc In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv7215/inc Modified Files: class.telaen_mail.php config.php.default inc.php preinit.php Log Message: Allow the umask setting and the directory permission bitmask to be set via config.php and used throughout telaen. Index: preinit.php =================================================================== RCS file: /cvsroot/telaen/telaen/inc/preinit.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** preinit.php 20 Mar 2006 14:51:27 -0000 1.3 --- preinit.php 7 Jul 2006 15:37:02 -0000 1.4 *************** *** 17,21 **** $error_flags = E_ALL & ~E_NOTICE; ! umask(0077); @error_reporting($error_flags); --- 17,21 ---- $error_flags = E_ALL & ~E_NOTICE; ! umask($default_umask); @error_reporting($error_flags); Index: inc.php =================================================================== RCS file: /cvsroot/telaen/telaen/inc/inc.php,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** inc.php 29 Jun 2006 11:52:06 -0000 1.14 --- inc.php 7 Jul 2006 15:37:02 -0000 1.15 *************** *** 157,160 **** --- 157,161 ---- $UM->timeout = $idle_timeout; + $UM->dirperm = $dirperm; $prefs = load_prefs(); Index: class.telaen_mail.php =================================================================== RCS file: /cvsroot/telaen/telaen/inc/class.telaen_mail.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** class.telaen_mail.php 10 Apr 2006 09:48:20 -0000 1.12 --- class.telaen_mail.php 7 Jul 2006 15:37:02 -0000 1.13 *************** *** 9,14 **** var $_system_folders = Array("inbox","trash","sent","spam"); var $_current_folder = ""; ! var $CRLF = "\r\n"; ! var $userspamlevel = 0; // Disabled function Telaen() { --- 9,15 ---- var $_system_folders = Array("inbox","trash","sent","spam"); var $_current_folder = ""; ! var $CRLF = "\r\n"; ! var $userspamlevel = 0; // Disabled ! var $dirperm = 0700; // recall affected by umask value function Telaen() { *************** *** 161,165 **** if(!file_exists($this->user_folder)) ! if(!@mkdir($this->user_folder,0700)) die("<h1><br><br><br><center>$error_permiss</center></h1>"); $boxes = $this->mail_list_boxes(); --- 162,166 ---- if(!file_exists($this->user_folder)) ! if(!@mkdir($this->user_folder,$this->dirperm)) die("<h1><br><br><br><center>$error_permiss</center></h1>"); $boxes = $this->mail_list_boxes(); *************** *** 191,195 **** if(!in_array(strtolower($current_folder),$this->_system_folders)) if(!file_exists($this->user_folder.$current_folder)) ! mkdir($this->user_folder.$current_folder,0700); } --- 192,196 ---- if(!in_array(strtolower($current_folder),$this->_system_folders)) if(!file_exists($this->user_folder.$current_folder)) ! mkdir($this->user_folder.$current_folder,$this->dirperm); } *************** *** 205,209 **** if(in_array(strtolower($value),$this->_system_folders)) $value = strtolower($value); ! mkdir($this->user_folder.$value,0700); } } --- 206,210 ---- if(in_array(strtolower($value),$this->_system_folders)) $value = strtolower($value); ! mkdir($this->user_folder.$value,$this->dirperm); } } *************** *** 1082,1086 **** $buffer = $this->mail_get_line(); if(eregi("^(".$this->_sid." OK)",$buffer)) { ! @mkdir($this->user_folder.$boxname,0700); return 1; } else { --- 1083,1087 ---- $buffer = $this->mail_get_line(); if(eregi("^(".$this->_sid." OK)",$buffer)) { ! @mkdir($this->user_folder.$boxname,$this->dirperm); return 1; } else { *************** *** 1090,1094 **** } else { /* if POP3, only make a new folder */ ! if(@mkdir($this->user_folder.$boxname,0700)) return 1; else return 0; --- 1091,1095 ---- } else { /* if POP3, only make a new folder */ ! if(@mkdir($this->user_folder.$boxname,$this->dirperm)) return 1; else return 0; Index: config.php.default =================================================================== RCS file: /cvsroot/telaen/telaen/inc/config.php.default,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** config.php.default 28 Jun 2006 07:41:39 -0000 1.10 --- config.php.default 7 Jul 2006 15:37:02 -0000 1.11 *************** *** 35,45 **** ######################################################################## - # Make the default file and directory creation more secure - ######################################################################## - - umask(0077); - - - ######################################################################## # Title prefix for webmail pages ######################################################################## --- 35,38 ---- *************** *** 343,345 **** --- 336,349 ---- $redirects_are_relative = no; + + ######################################################################## + # Control the default permissions of files and directories created + # by Telaen. For max security, the value of $default_umask should be 0077 + # and $dirperm should be 0700, but in shared environments, this + # may need to be adjusted + ######################################################################## + + $default_umask = 0077; + $dirperm = 0700; + ?> |