From c5471a76a23897fcb40b3c4661ba898116dabaa7 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 31 Jan 2010 13:27:05 -0800 Subject: htaccess_works() can't use var/tmp anymore because that's locked down. So just create var/security_test and delete it when we're done. --- modules/gallery/helpers/access.php | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 10fa8666..29b981e8 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -663,23 +663,28 @@ class access_Core { * working and our permission system works. */ static function htaccess_works() { - $success_url = url::file("var/tmp/security_test/success"); + $success_url = url::file("var/security_test/success"); - @mkdir(VARPATH . "tmp/security_test"); - if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) { - fwrite($fp, "RewriteEngine On\n"); - fwrite($fp, "RewriteRule verify $success_url [L]\n"); - fclose($fp); - } + @mkdir(VARPATH . "security_test"); + try { + if ($fp = @fopen(VARPATH . "security_test/.htaccess", "w+")) { + fwrite($fp, "RewriteEngine On\n"); + fwrite($fp, "RewriteRule verify $success_url [L]\n"); + fclose($fp); + } - if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) { - fwrite($fp, "success"); - fclose($fp); - } + if ($fp = @fopen(VARPATH . "security_test/success", "w+")) { + fwrite($fp, "success"); + fclose($fp); + } - list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify")); - $works = $response == "HTTP/1.1 200 OK"; - @dir::unlink(VARPATH . "tmp/security_test"); + list ($response) = remote::do_request(url::abs_file("var/security_test/verify")); + $works = $response == "HTTP/1.1 200 OK"; + } catch (Exception $e) { + @dir::unlink(VARPATH . "security_test"); + throw $e; + } + @dir::unlink(VARPATH . "security_test"); return $works; } -- cgit v1.2.3