From 85dfb152e699e3ec136bbc97ac99f1c38b964cf6 Mon Sep 17 00:00:00 2001 From: Yannick Warnier Date: Mon, 30 Jul 2007 23:44:36 +0200 Subject: [PATCH] [svn r12809] Updated default files and dirs permissions (using database security parameter) --- main/admin/user_add.php | 6 ++++-- main/document/create_document.php | 6 ++++-- main/document/edit_document.php | 7 +++++-- main/install/install_functions.inc.php | 19 ++++++++++------- main/install/update-files-1.6.x-1.8.0.inc.php | 21 +++++++++++-------- main/install/update_files.inc.php | 5 ++++- main/install/upgrade.php | 4 +++- main/mySpace/admin.php | 4 +++- main/mySpace/coaches.php | 4 +++- main/mySpace/progression.php | 4 +++- main/mySpace/teachers.php | 4 +++- 11 files changed, 56 insertions(+), 28 deletions(-) diff --git a/main/admin/user_add.php b/main/admin/user_add.php index 8e6923a513..cadc057bce 100644 --- a/main/admin/user_add.php +++ b/main/admin/user_add.php @@ -1,4 +1,4 @@ -validate()) $picture_uri = ''; if (strlen($picture['name']) > 0) { + $perm = api_get_setting('permissions_for_new_directories'); + $perm = octdec(!empty($perm)?$perm:'0770'); if(!is_dir(api_get_path(SYS_CODE_PATH).'upload/users/')){ - mkdir(api_get_path(SYS_CODE_PATH).'upload/users/', 0777); + mkdir(api_get_path(SYS_CODE_PATH).'upload/users/', $perm); } $picture_uri = uniqid('').'_'.replace_dangerous_char($picture['name']); $picture_location = api_get_path(SYS_CODE_PATH).'upload/users/'.$picture_uri; diff --git a/main/document/create_document.php b/main/document/create_document.php index 84d79d7d54..3338229055 100644 --- a/main/document/create_document.php +++ b/main/document/create_document.php @@ -1,5 +1,5 @@ validate()) fclose($fp); + $perm = api_get_setting('permissions_for_new_directories'); + $perm = octdec(!empty($perm)?$perm:'0770'); if (!is_dir($filepath.'css')) { - mkdir($filepath.'css', 0777); + mkdir($filepath.'css', $perm); $doc_id = add_document($_course, $dir.'css', 'folder', 0, 'css'); 
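Review bot: The mode read from `permissions_for_new_directories` is passed straight to `octdec()` without validation, and `octdec()` skips characters that are not octal digits, so a mistyped or altered setting silently yields an unintended mode (0777 again, or setuid/setgid/sticky bits). Accept only a three-digit octal string before converting, e.g. `$perm = preg_match('/^0?[0-7]{3}$/', (string)$perm) ? octdec($perm) : 0770;`, and consider rejecting world-writable values. The same two lines are repeated in create_document.php, update_files.inc.php, upgrade.php and the four mySpace export scripts, so a shared helper would keep the check in one place. `mkdir()` also applies the mode through the process umask and only runs when `upload/users/` is missing, so directories already created with 0777 keep that mode.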
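Review bot: Only the `css` directory receives the configured mode in this hunk; the document written just before `fclose($fp)` keeps whatever mode the process umask produces, although the commit subject covers files as well. If that is not handled outside the hunk, add a `chmod()` on the new file using `permissions_for_new_files`, as the mySpace export scripts in this commit do. The result of `mkdir()` is also not checked before `add_document()` registers the folder, so a failed creation would still leave a database entry for `css`. The surrounding block starts and ends outside the hunk.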
diff --git a/main/document/edit_document.php b/main/document/edit_document.php index 29ad84b4d2..c8766c5a25 100644 --- a/main/document/edit_document.php +++ b/main/document/edit_document.php @@ -1,4 +1,4 @@ - audio if(!is_dir($currentCourseRepositorySys."document/audio")){ - mkdir($currentCourseRepositorySys."document/audio",0777); + mkdir($currentCourseRepositorySys."document/audio",$perm); insert_db($db_name,"audio",get_lang('Audio')); } //document > flash if(!is_dir($currentCourseRepositorySys."document/flash")){ - mkdir($currentCourseRepositorySys."document/flash",0777); + mkdir($currentCourseRepositorySys."document/flash",$perm); insert_db($db_name,"flash",get_lang('Flash')); } //document > images if(!is_dir($currentCourseRepositorySys."document/images")){ - mkdir($currentCourseRepositorySys."document/images",0777); + mkdir($currentCourseRepositorySys."document/images",$perm); insert_db($db_name,"images",get_lang('Images')); } if(!is_dir($currentCourseRepositorySys."document/video")){ - mkdir($currentCourseRepositorySys."document/video",0777); + mkdir($currentCourseRepositorySys."document/video",$perm); insert_db($db_name,"video",get_lang('Video')); } 
@@ -118,20 +121,20 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE')) //upload if(!is_dir($currentCourseRepositorySys."upload")){ - mkdir($currentCourseRepositorySys."upload",0777); + mkdir($currentCourseRepositorySys."upload",$perm); } //upload > blog if(!is_dir($currentCourseRepositorySys."upload/blog")){ - mkdir($currentCourseRepositorySys."upload/blog",0777); + mkdir($currentCourseRepositorySys."upload/blog",$perm); } //upload > forum if(!is_dir($currentCourseRepositorySys."upload/forum")){ - mkdir($currentCourseRepositorySys."upload/forum",0777); + mkdir($currentCourseRepositorySys."upload/forum",$perm); } //upload > test if(!is_dir($currentCourseRepositorySys."upload/test")){ - mkdir($currentCourseRepositorySys."upload/test",0777); + mkdir($currentCourseRepositorySys."upload/test",$perm); } //Updating index file in courses directories to change claroline/ into main/ diff --git a/main/install/update_files.inc.php b/main/install/update_files.inc.php index 353dcae13d..c5b907d70e 100644 --- a/main/install/update_files.inc.php +++ b/main/install/update_files.inc.php @@ -152,6 +152,9 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE')) $newPath = str_replace('\\', '/', realpath('../..')).'/'; $oldPath = $_POST['updatePath']; + $perm = api_get_setting('permissions_for_new_directories'); + $perm = octdec(!empty($perm)?$perm:'0770'); + foreach ($coursePath as $key => $course) { $mysql_base_course = $courseDB[$key]; @@ -181,7 +184,7 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE')) fclose($fp); } - @ mkdir($oldPath.$course.'/temp', 0777); + @ mkdir($oldPath.$course.'/temp', $perm); @ rename($oldPath.$course, $newPath.'courses/'.$course); diff --git a/main/install/upgrade.php b/main/install/upgrade.php index 31bedf8e32..828ddf3b62 100755 --- a/main/install/upgrade.php +++ b/main/install/upgrade.php 
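Review bot: None of the four `mkdir()` calls for `upload`, `upload/blog`, `upload/forum` and `upload/test` checks its return value, so with the tighter `$perm` a failure on `upload` makes the three nested calls fail too, and nothing in the hunk stops the update from continuing without the upload tree. `$perm` is assigned outside this hunk; confirm it is set before this point on every path. A single loop that checks each result and records the failure would replace the four copies, as sketched below.

```php
// … unchanged: document/* directory creation above …
foreach (array('upload', 'upload/blog', 'upload/forum', 'upload/test') as $sub_dir) {
    $target = $currentCourseRepositorySys.$sub_dir;
    if (!is_dir($target) && !mkdir($target, $perm)) {
        error_log('Could not create course directory: '.$target);
    }
}
// … unchanged: index file update for courses directories …
```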
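Review bot: `@ mkdir($oldPath.$course.'/temp', $perm)` still hides any failure behind `@`, as does the `@ rename()` after it, so a course whose `temp` directory could not be created with the new mode is moved without any trace. `$oldPath` comes directly from `$_POST['updatePath']` in the context lines of the previous hunk; it should be normalised (for example with `realpath()`) and confirmed to be the expected installation directory before it is used for `mkdir()` and `rename()`. Drop the `@` and report the failure, e.g. `if (!is_dir($oldPath.$course.'/temp') && !mkdir($oldPath.$course.'/temp', $perm)) { error_log('temp dir not created for '.$course); }`. The enclosing `foreach` starts and ends outside these hunks.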
@@ -160,9 +160,11 @@ class Page_Requirements extends HTML_QuickForm_Page { $writable_folders = array ('../inc/conf', '../garbage', '../upload', '../../archive', '../../courses', '../../home'); $not_writable = array (); + $perm = api_get_setting('permissions_for_new_directories'); + $perm = octdec(!empty($perm)?$perm:'0770'); foreach ($writable_folders as $index => $folder) { - if (!is_writable($folder) && !@ chmod($folder, 0777)) + if (!is_writable($folder) && !@ chmod($folder, $perm)) { $not_writable[] = $folder; } diff --git a/main/mySpace/admin.php b/main/mySpace/admin.php index 6c84ca36fd..25a6339e34 100644 --- a/main/mySpace/admin.php +++ b/main/mySpace/admin.php @@ -68,7 +68,9 @@ $tbl_admin = Database :: get_main_table(TABLE_MAIN_ADMIN); fwrite($open,$info); fclose($open); - chmod($fileName,0777); + $perm = api_get_setting('permissions_for_new_files'); + $perm = octdec(!empty($perm)?$perm:'0660'); + chmod($fileName,$perm); header("Location:".$archiveURL.$fileName); } diff --git a/main/mySpace/coaches.php b/main/mySpace/coaches.php index 5ecc5c93f0..5db26a4911 100644 --- a/main/mySpace/coaches.php +++ b/main/mySpace/coaches.php @@ -77,7 +77,9 @@ $tbl_track_login = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_ fwrite($open,$info); fclose($open); - chmod($fileName,0777); + $perm = api_get_setting('permissions_for_new_files'); + $perm = octdec(!empty($perm)?$perm:'0660'); + chmod($fileName,$perm); header("Location:".$archiveURL.$fileName); } diff --git a/main/mySpace/progression.php b/main/mySpace/progression.php index 79618d9f91..d9737a619d 100644 --- a/main/mySpace/progression.php +++ b/main/mySpace/progression.php 
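Review bot: With a configurable mode, a successful `chmod($folder, $perm)` no longer implies that the folder is writable: a setting without the owner write bit makes `chmod()` return true, and the folder is left out of `$not_writable` although the installer cannot write to it. Re-test after the change, e.g. `if (!is_writable($folder) && !(@ chmod($folder, $perm) && is_writable($folder)))`. This page runs inside the upgrade wizard, so it is worth confirming that `api_get_setting()` is loaded and returns a value at this step; the `'0770'` fallback covers an empty result but not an undefined function. The method body continues outside the hunk.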
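Review bot: Restricting the export file to `permissions_for_new_files` limits local accounts only; the script then redirects to `$archiveURL.$fileName`, so the file is fetched over HTTP and its mode has no bearing on who can download it. If the archive directory is web-served, as the redirect suggests, the tracking export stays readable to anyone who learns the URL; streaming the file through PHP after an access check, or deleting it once delivered, would close that gap. The return values of `fwrite()` and `chmod()` are ignored as well. The same lines appear in coaches.php, progression.php and teachers.php.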
@@ -64,7 +64,9 @@ $tbl_track_exercice = Database :: get_statistic_table(STATISTIC_TRACK_E_EXERCICE fwrite($open,$info); fclose($open); - chmod($fileName,0777); + $perm = api_get_setting('permissions_for_new_files'); + $perm = octdec(!empty($perm)?$perm:'0660'); + chmod($fileName,$perm); $message = get_lang('UsageDatacreated'); header("Location:".$archiveURL.$fileName); diff --git a/main/mySpace/teachers.php b/main/mySpace/teachers.php index 90beb027f6..3dd3efeda5 100644 --- a/main/mySpace/teachers.php +++ b/main/mySpace/teachers.php @@ -69,7 +69,9 @@ function exportCsv($a_header,$a_data) fwrite($open,$info); fclose($open); - chmod($fileName,0777); + $perm = api_get_setting('permissions_for_new_files'); + $perm = octdec(!empty($perm)?$perm:'0660'); + chmod($fileName,$perm); header("Location:".$archiveURL.$fileName); }