Skip to content
Snippets Groups Projects
Commit 033c94d0 authored by Valerio Ponte's avatar Valerio Ponte
Browse files

fixed xsendfile zip generation race condition

parent ef6c6e77
Branches
No related tags found
No related merge requests found
......@@ -59,11 +59,7 @@ class OC_Files {
$executionTime = intval(ini_get('max_execution_time'));
set_time_limit(0);
$zip = new ZipArchive();
if ($xsendfile) {
$filename = OC_Helper::tmpFileNoClean('.zip');
}else{
$filename = OC_Helper::tmpFile('.zip');
}
if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) {
exit("cannot open <$filename>\n");
}
......@@ -78,6 +74,9 @@ class OC_Files {
}
}
$zip->close();
if ($xsendfile) {
$filename = OC_Helper::moveToNoClean($filename);
}
$basename = basename($dir);
if ($basename) {
$name = $basename . '.zip';
......@@ -91,17 +90,16 @@ class OC_Files {
$executionTime = intval(ini_get('max_execution_time'));
set_time_limit(0);
$zip = new ZipArchive();
if ($xsendfile) {
$filename = OC_Helper::tmpFileNoClean('.zip');
}else{
$filename = OC_Helper::tmpFile('.zip');
}
if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) {
exit("cannot open <$filename>\n");
}
$file = $dir . '/' . $files;
self::zipAddDir($file, $zip);
$zip->close();
if ($xsendfile) {
$filename = OC_Helper::moveToNoClean($filename);
}
$name = $files . '.zip';
set_time_limit($executionTime);
} else {
......
......@@ -541,13 +541,15 @@ class OC_Helper {
}
/**
* create a temporary file with an unique filename. It will not be deleted
* automatically
* @param string $postfix
* @return string
* move a file to oc-noclean temp dir
* @param string $filename
* @return mixed
*
*/
public static function tmpFileNoClean($postfix='') {
public static function moveToNoClean($filename='') {
if ($filename == '') {
return false;
}
$tmpDirNoClean=get_temp_dir().'/oc-noclean/';
if (!file_exists($tmpDirNoClean) || !is_dir($tmpDirNoClean)) {
if (file_exists($tmpDirNoClean)) {
......@@ -555,10 +557,12 @@ class OC_Helper {
}
mkdir($tmpDirNoClean);
}
$file=$tmpDirNoClean.md5(time().rand()).$postfix;
$fh=fopen($file, 'w');
fclose($fh);
return $file;
$newname=$tmpDirNoClean.basename($filename);
if (rename($filename, $newname)) {
return $newname;
} else {
return false;
}
}
/**
......@@ -597,7 +601,7 @@ class OC_Helper {
}
/**
* remove all files created by self::tmpFileNoClean
* remove all files in PHP /oc-noclean temp dir
*/
public static function cleanTmpNoClean() {
$tmpDirNoCleanFile=get_temp_dir().'/oc-noclean/';
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment