From e495ecba56afcfb3bec014e79575add24e330668 Mon Sep 17 00:00:00 2001
From: Eric Marguin <e.marguin@elixir-interactive.com>
Date: Wed, 19 Sep 2007 10:11:36 +0200
Subject: [PATCH] [svn r13079] fix more bugs with permissions (mainly mkdir
 without umask(0) or chmod)

---
 main/admin/user_add.php                       | 11 +++++++----
 main/document/create_document.php             |  6 +++---
 main/inc/lib/add_course.lib.inc.php           |  4 +++-
 main/inc/lib/fileUpload.lib.php               |  8 ++++----
 main/install/install_functions.inc.php        |  2 +-
 main/install/update-files-1.6.x-1.8.0.inc.php |  5 +++--
 main/install/update_files.inc.php             |  1 +
 main/work/work.lib.php                        |  1 +
 8 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/main/admin/user_add.php b/main/admin/user_add.php
index 223c0ec42a..6f5b98af89 100644
--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@@ -1,4 +1,4 @@
-<?php // $Id: user_add.php 13076 2007-09-19 07:45:31Z elixir_inter $
+<?php // $Id: user_add.php 13079 2007-09-19 08:11:36Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -169,10 +169,13 @@ if( $form->validate())
 		$picture_uri = '';
 		if (strlen($picture['name']) > 0)
 		{
-			$perm = api_get_setting('permissions_for_new_directories');
-			$perm = octdec(!empty($perm))?$perm:'0770';
 			if(!is_dir(api_get_path(SYS_CODE_PATH).'upload/users/')){
-				mkdir(api_get_path(SYS_CODE_PATH).'upload/users/', $perm);
+				if(mkdir(api_get_path(SYS_CODE_PATH).'upload/users/'))
+				{
+					$perm = api_get_setting('permissions_for_new_directories');
+					$perm = octdec(!empty($perm))?$perm:'0770';
+					chmod(api_get_path(SYS_CODE_PATH).'upload/users/');
+				}
 			}
 			$picture_uri = uniqid('').'_'.replace_dangerous_char($picture['name']);
 			$picture_location = api_get_path(SYS_CODE_PATH).'upload/users/'.$picture_uri;
diff --git a/main/document/create_document.php b/main/document/create_document.php
index 06e2fbbe7f..c9a870c0db 100644
--- a/main/document/create_document.php
+++ b/main/document/create_document.php
@@ -1,5 +1,5 @@
 <?php
-// $Id: create_document.php 13076 2007-09-19 07:45:31Z elixir_inter $
+// $Id: create_document.php 13079 2007-09-19 08:11:36Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -309,8 +309,8 @@ if ($form->validate())
 		$perm = octdec(!empty($perm))?$perm:'0770';
 		if (!is_dir($filepath.'css'))
 		{
-			mkdir($filepath.'css', $perm);
-
+			mkdir($filepath.'css');
+			chmod($filepath.'css', $perm);
 			$doc_id = add_document($_course, $dir.'css', 'folder', 0, 'css');
 
 			api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', $_user['user_id']);
diff --git a/main/inc/lib/add_course.lib.inc.php b/main/inc/lib/add_course.lib.inc.php
index 4228ab0d98..de5f24799e 100644
--- a/main/inc/lib/add_course.lib.inc.php
+++ b/main/inc/lib/add_course.lib.inc.php
@@ -1413,6 +1413,7 @@ function sort_pictures($files,$type){
 */
 function fill_course_repository($courseRepository)
 {
+	$old_umask = umask(0);
 	$sys_course_path = api_get_path(SYS_COURSE_PATH);
 	$web_code_path = api_get_path(WEB_CODE_PATH);
 
@@ -1454,7 +1455,7 @@ function fill_course_repository($courseRepository)
 		$perm = api_get_setting('permissions_for_new_directories');
 		$perm = octdec(!empty($perm))?$perm:'0770';
 		$perm_file = api_get_setting('permissions_for_new_files');
-		$perm_file = octdec(!empty($perm_file)?$perm_file:'0660');
+		$perm_file = octdec(!empty($perm_file))?$perm_file:'0660';
 		mkdir($course_documents_folder_images,$perm);
 
 		$handle = opendir($img_code_path);
@@ -1555,6 +1556,7 @@ function fill_course_repository($courseRepository)
 		$default_document_array['video']=$video_array;
 
 	}
+	umask($old_umask);
 	return $default_document_array;
 }
 
diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
index 0c43347333..c00c0a4ad1 100644
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@@ -1392,11 +1392,11 @@ function create_unexisting_directory($_course,$user_id,$to_group_id,$to_user_id,
 	{
 		$title = basename($desired_dir_name);
 	}
-	$perm = api_get_setting('permissions_for_new_directories');
-	
-	$perm = octdec(!empty($perm))?$perm:'0770';
-	if ( mkdir($base_work_dir.$desired_dir_name.$nb, $perm))
+	if ( mkdir($base_work_dir.$desired_dir_name.$nb))
 	{
+		$perm = api_get_setting('permissions_for_new_directories');
+		$perm = octdec(!empty($perm))?$perm:'0770';
+		chmod($base_work_dir.$desired_dir_name.$nb,$perm);
 		$document_id = add_document($_course, $desired_dir_name.$nb,'folder',0,$title);
 		if ($document_id)
 		{
diff --git a/main/install/install_functions.inc.php b/main/install/install_functions.inc.php
index 4a44a5dd0d..ff67d10174 100644
--- a/main/install/install_functions.inc.php
+++ b/main/install/install_functions.inc.php
@@ -574,7 +574,7 @@ function display_requirements($installType, $badUpdatePath, $updatePath='', $upd
 		$perm = api_get_setting('permissions_for_new_directories');
 		$perm = octdec(!empty($perm))?$perm:'0770';
 		$perm_file = api_get_setting('permissions_for_new_files');
-		$perm_file = octdec(!empty($perm_file)?$perm_file:'0660');
+		$perm_file = octdec(!empty($perm_file))?$perm_file:'0660';
 
 		//First, attempt to set writing permissions if we don't have them yet
 		//0xxx is an octal number, this is the required format
diff --git a/main/install/update-files-1.6.x-1.8.0.inc.php b/main/install/update-files-1.6.x-1.8.0.inc.php
index 1e6eaf0b14..bae56fd986 100755
--- a/main/install/update-files-1.6.x-1.8.0.inc.php
+++ b/main/install/update-files-1.6.x-1.8.0.inc.php
@@ -1,4 +1,4 @@
-<?php //$Id: update-files-1.6.x-1.8.0.inc.php 13076 2007-09-19 07:45:31Z elixir_inter $
+<?php //$Id: update-files-1.6.x-1.8.0.inc.php 13079 2007-09-19 08:11:36Z elixir_inter $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -77,7 +77,7 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 	
 	$perm = api_get_setting('permissions_for_new_directories');
 	$perm = octdec(!empty($perm))?$perm:'0770';
-	
+	$old_umask = umask(0);
 	while($courses_directories=mysql_fetch_array($result)){
 		
 		$currentCourseRepositorySys = $sys_course_path.$courses_directories["directory"]."/";
@@ -154,6 +154,7 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 			
 		
 	}
+	umask($old_umask);
 	// Write the Dokeos config file
 	write_dokeos_config_file('../inc/conf/configuration.php');
 	// Write a distribution file with the config as a backup for the admin
diff --git a/main/install/update_files.inc.php b/main/install/update_files.inc.php
index 342190a399..8816e034a1 100644
--- a/main/install/update_files.inc.php
+++ b/main/install/update_files.inc.php
@@ -185,6 +185,7 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 		}
 
 		@ mkdir($oldPath.$course.'/temp', $perm);
+		@ chmod($oldPath.$course.'/temp', $perm);
 
 		@ rename($oldPath.$course, $newPath.'courses/'.$course);
 
diff --git a/main/work/work.lib.php b/main/work/work.lib.php
index 611f738c4f..d91e317203 100644
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@@ -511,6 +511,7 @@ function create_unexisting_work_directory($base_work_dir,$desired_dir_name)
 	$perm = octdec(!empty($perm))?$perm:'0770';
 	if ( mkdir($base_work_dir.$desired_dir_name.$nb, $perm))
 	{
+		chmod($base_work_dir.$desired_dir_name.$nb, $perm);
 		return $desired_dir_name.$nb;
 	}
 	else