From: Thijs K. <ki...@us...> - 2005-01-24 10:37:44
|
Update of /cvsroot/squirrelmail/squirrelmail/plugins/squirrelspell/modules In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13790/modules Modified Files: Tag: SM-1_4-STABLE check_me.mod Log Message: If we have PHP 4.3.0, we can make SquirrelSpell work with safe_mode. This also removes the need for the 'cat' program when using older PHP, easing the use of this plugin under Windows. The patch is provided by Ray Ferguson, #752314. Backport from devel, where it has functioned for months without issues. Index: check_me.mod =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/plugins/squirrelspell/modules/check_me.mod,v retrieving revision 1.10.2.4 retrieving revision 1.10.2.5 diff -u -w -r1.10.2.4 -r1.10.2.5 --- check_me.mod 25 Oct 2004 01:14:53 -0000 1.10.2.4 +++ check_me.mod 24 Jan 2005 10:37:33 -0000 1.10.2.5 @@ -80,34 +80,38 @@ */ $sqspell_command=$SQSPELL_APP[$sqspell_use_app]; /** - * For the simplicity's sake we'll put all text into a file in - * attachment_dir directory, then cat it and pipe it to - * sqspell_command. There are other ways to do it, including popen(), - * but it's unidirectional and no fun at all. - * - * The name of the file is an md5 hash of the message itself plus - * microtime. This prevents symlink attacks. The loop is here to - * further enhance this feature, and make sure we don't overwrite - * someone else's data, although the possibility of this happening is - * QUITE remote. - */ + * If you have php >= 4.3.0, we can use proc_open and safe mode + * and not mess w/ temp files. Otherwise we will do it the old + * way, (minus the uneeded call to cat that messes up Wintel + * boxen.) + * Thanks Ray Ferguson for providing this patch. + */ +if( check_php_version ( 4, 3 ) ) { + $descriptorspec = array( + 0 => array('pipe', 'r'), // stdin is a pipe that the child will read from + 1 => array('pipe', 'w'), // stdout is a pipe that the child will write to + 2 => array('pipe', 'w'), // stderr is a pipe that the child will write to + ); + $spell_proc=proc_open($sqspell_command, $descriptorspec, $pipes); + fwrite($pipes[0], $sqspell_new_text); + fclose($pipes[0]); + $sqspell_output = array(); + for($i=1; $i<=2; $i++){ + while(!feof($pipes[$i])) + array_push($sqspell_output, rtrim(fgetss($pipes[$i],999),"\n")); + fclose($pipes[$i]); + } + $sqspell_exitcode=proc_close($spell_proc); +} else { do { $floc = "$attachment_dir/" . md5($sqspell_new_text . microtime()); } while (file_exists($floc)); -/** - * Write the contents to the file. - */ $fp=fopen($floc, 'w'); fwrite($fp, $sqspell_new_text); fclose($fp); -/** - * Execute ispell/aspell and catch the output. - */ -exec("cat $floc | $sqspell_command 2>&1", $sqspell_output, $sqspell_exitcode); -/** - * Remove the temp file. - */ + exec("$sqspell_command < $floc 2>&1", $sqspell_output, $sqspell_exitcode); unlink($floc); +} /** * Check if the execution was successful. Bail out if it wasn't. |