provide os_mkdir to workaround permission issues with php mkdir

9 files changed, 60 insertions, 9 deletions

diff --git a/boot.php b/boot.php
index 7552ddb92..cd0dca2ca 100755
--- a/boot.php
+++ b/boot.php
@@ -1168,6 +1168,15 @@ function absurl($path) {
 	return $path;
 }
 
+function os_mkdir($path,$mode = 0777,$recursive = false) {
+	$oldumask = @umask(0);
+	@mkdir($path, $mode, $recursive);
+	@umask($oldumask); 
+}
+
+
+
+
 function is_ajax() {
 	return (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
 }
diff --git a/include/attach.php b/include/attach.php
index da22e8ed5..0df2e82a5 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -579,7 +579,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 	logger('attach_mkdir: basepath: ' . $basepath);
 
 	if(! is_dir($basepath))
-		mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS, true);
+		os_mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS, true);
 
 	if(! perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
 		$ret['message'] = t('Permission denied.');
@@ -665,7 +665,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 	);
 
 	if($r) {
-		if(mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) {
+		if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) {
 			$ret['success'] = true;
 			$ret['data'] = $arr;
 
diff --git a/include/security.php b/include/security.php
index aaf4eb050..2ccfc6973 100644
--- a/include/security.php
+++ b/include/security.php
@@ -96,7 +96,7 @@ function change_channel($change_channel) {
 			get_app()->set_perms(get_all_perms(local_user(),$hash));
 		}
 		if(! is_dir('store/' . $r[0]['channel_address']))
-			@mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true);
+			@os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true);
 
 	}
 
diff --git a/include/smarty.php b/include/smarty.php
index c2fcc4097..99f143db1 100755
--- a/include/smarty.php
+++ b/include/smarty.php
@@ -49,8 +49,12 @@ class FriendicaSmartyEngine implements ITemplateEngine {
 	
 	public function __construct(){
         $a = get_app();
+
+		// Cannot use get_config() here because it is called during installation when there is no DB.
+		// FIXME: this may leak private information such as system pathnames.
+
         $basecompiledir = ((array_key_exists('smarty3_folder',$a->config['system'])) ? $a->config['system']['smarty3_folder'] : '');
-        if (!$basecompiledir) $basecompiledir = dirname(__dir__)."/store/[data]/smarty3";
+        if (!$basecompiledir) $basecompiledir = dirname(__dir__) . "/" . TEMPLATE_BUILD_PATH;
         if (!is_dir($basecompiledir)) {
             echo "<b>ERROR:</b> folder <tt>$basecompiledir</tt> does not exist."; killme();
         }
diff --git a/install/update.php b/install/update.php
index 3d4ed2cf9..6600808a6 100644
--- a/install/update.php
+++ b/install/update.php
@@ -995,7 +995,7 @@ ADD INDEX ( `menu_flags` )");
 }
 
 function update_r1091() {
-	@mkdir('store/[data]/smarty3',STORAGE_DEFAULT_PERMISSIONS,true);
+	@os_mkdir('store/[data]/smarty3',STORAGE_DEFAULT_PERMISSIONS,true);
 	@file_put_contents('store/[data]/locks','');
 	return UPDATE_SUCCESS;
 }
@@ -1301,6 +1301,6 @@ function update_r1115() {
 }
 
 function update_r1116() {
-	@mkdir('store/[data]/smarty3',STORAGE_DEFAULT_PERMISSIONS,true);
+	@os_mkdir('store/[data]/smarty3',STORAGE_DEFAULT_PERMISSIONS,true);
 	return UPDATE_SUCCESS;
 } 
\ No newline at end of file
diff --git a/library/bbedit/editor.js b/library/bbedit/editor.js
index 57de38876..563472ff5 100644
--- a/library/bbedit/editor.js
+++ b/library/bbedit/editor.js
@@ -27,6 +27,44 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

 

+

+

+

+function REDITOR(elm,wysiwyg) {

+

+	this.elm = elm;

+	this.wysiwyg = wysiwyg;

+

+

+

+}

+

+REDITOR.prototype.showEditor = function() {

+    if (! this.enableWysiwyg) return;

+    this.editorVisible = true;

+    this.content = document.getElementById(this.body_id).value;

+    this.myeditor = this.ifm.contentWindow.document;

+    bbcode2html();

+    this.myeditor.designMode = "on";

+    this.myeditor.open();

+    this.myeditor.write('<html><head><link href="editor.css" rel="Stylesheet" type="text/css" /></head>');

+    this.myeditor.write('<body style="margin:0px 0px 0px 0px" class="editorWYSIWYG">');

+    this.myeditor.write(content);

+    this.myeditor.write('</body></html>');

+    this.myeditor.close();

+    if (this.myeditor.attachEvent) {

+        if(parent.ProcessKeyPress)

+            this.myeditor.attachEvent("onkeydown", parent.ProcessKeyPress);

+		this.myeditor.attachEvent("onkeypress", kp);

+    }

+    else if (this.myeditor.addEventListener) {

+        if (parent.ProcessKeyPress)

+            this.myeditor.addEventListener("keydown", parent.ProcessKeyPress, true);

+		this.myeditor.addEventListener("keypress",kp,true);

+    }

+}

+

+

 var myeditor, ifm;

 var body_id, textboxelement;

 var content;

diff --git a/mod/cloud.php b/mod/cloud.php
index 25773066a..3734f769a 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -37,7 +37,7 @@ function cloud_init(&$a) {
 	require_once('include/reddav.php');
 
 	if(! is_dir('store'))
-		mkdir('store',STORAGE_DEFAULT_PERMISSIONS,false);
+		os_mkdir('store',STORAGE_DEFAULT_PERMISSIONS,false);
 
 	$which = null;
 	if(argc() > 1)
diff --git a/mod/setup.php b/mod/setup.php
index 7932d67af..ad5394335 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -527,7 +527,7 @@ function check_store(&$checks) {
 	$status = true;
 	$help = "";
 
-	@mkdir('store',STORAGE_DEFAULT_PERMISSIONS);
+	@os_mkdir('store',STORAGE_DEFAULT_PERMISSIONS);
 
 	if(	!is_writable('store') ) {
 	
diff --git a/version.inc b/version.inc
index bf817a3db..a781c791c 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-07-15.737
+2014-07-16.738