From 5c9a3b3f39f6ff0d5c84c2cf283d27eaebe2e66e Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Sat, 23 Apr 2011 21:19:47 -0600 Subject: Create a tempnam substitute that safely creates files with a given extension. --- modules/gallery/controllers/quick.php | 4 +-- modules/gallery/helpers/system.php | 25 ++++++++++++++ modules/gallery/tests/Mock_Built_In.php | 39 ++++++++++++++++++++++ modules/gallery/tests/System_Helper_Test.php | 49 ++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 modules/gallery/tests/Mock_Built_In.php create mode 100644 modules/gallery/tests/System_Helper_Test.php (limited to 'modules') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index da4768fd..ce52cb8d 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,8 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = tempnam(TMPPATH, "rotate") . "." . - pathinfo($item->file_path(), PATHINFO_EXTENSION); + $tmpfile = system::tempnam(TMPPATH, "rotate", + "." . pathinfo($item->file_path(), PATHINFO_EXTENSION)); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item); $item->set_data_file($tmpfile); $item->save(); diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index c39c7227..31ecafa7 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -40,4 +40,29 @@ class system_Core { } return null; } + + /** + * Create a file with a unique file name. + * This helper is similar to the built-in tempnam, except that it supports an optional postfix. + */ + static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") { + return self::_tempnam($dir, $prefix, $postfix, "tempnam"); + } + + // This helper provides a dependency-injected implementation of tempnam. + static function _tempnam($dir, $prefix, $postfix, $builtin) { + $success = false; + do { + $basename = call_user_func($builtin, $dir, $prefix); + if (!$basename) { + return false; + } + $filename = $basename . $postfix; + $success = !file_exists($filename) && @rename($basename, $filename); + if (!$success) { + @unlink($basename); + } + } while (!$success); + return $filename; + } } \ No newline at end of file diff --git a/modules/gallery/tests/Mock_Built_In.php b/modules/gallery/tests/Mock_Built_In.php new file mode 100644 index 00000000..b02e5ecf --- /dev/null +++ b/modules/gallery/tests/Mock_Built_In.php @@ -0,0 +1,39 @@ +nonces = func_get_args(); + } + + function _tempnam($dir, $prefix) { + if (empty($this->nonces)) + return false; + $filename = "$dir/$prefix" . array_shift($this->nonces); + if (!touch($filename)) + return false; + return $filename; + } +} diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php new file mode 100644 index 00000000..734f98ac --- /dev/null +++ b/modules/gallery/tests/System_Helper_Test.php @@ -0,0 +1,49 @@ +assert_true(file_exists($filename), "File not created"); + unlink($filename); + } + + public function tempnam_collision_test() { + require_once('Mock_Built_In.php'); + $existing = TMPPATH . "/file1.ext"; + $available = TMPPATH . "/file2.ext"; + touch($existing); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In("1", "2"), "_tempnam")); + unlink($existing); + $this->assert_true(file_exists($filename), "File not created"); + unlink($filename); + $this->assert_equal($available, $filename, "Incorrect filename created"); + } + + public function tempnam_abort_test() { + require_once('Mock_Built_In.php'); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In(), "_tempnam")); + if ($filename) { + @unlink($filename); + } + $this->assert_false($filename, "Operation not aborted"); + } +} -- cgit v1.2.3