From: stronk7 <stronk7>
Date: Fri, 2 Nov 2007 09:53:32 +0000 (+0000)
Subject: Changed check_dir_exists() behaviour to be more robust
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5fab4931b440a5842331043eafa8ed5119027b39;p=moodle.git

Changed check_dir_exists() behaviour to be more robust
and to work better when used recursively under sites
with open_basedir enabled. Credit goes to René Samselnig. MDL-11437

Merged from MOODLE_19_STABLE
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index e0bbc0bd34..74f5a1cc18 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7272,7 +7272,7 @@ function remove_dir($dir, $content_only=false) {
 /**
  * Function to check if a directory exists and optionally create it.
  *
- * @param string absolute directory path
+ * @param string absolute directory path (must be under $CFG->dataroot)
  * @param boolean create directory if does not exist
  * @param boolean create directory recursively
  *
@@ -7282,6 +7282,10 @@ function check_dir_exists($dir, $create=false, $recursive=false) {
 
     global $CFG;
 
+    if (strstr($dir, $CFG->dataroot) === false) {
+        debugging('Warning. Wrong call to check_dir_exists(). $dir must be an absolute path under $CFG->dataroot ("' . $dir . '" is incorrect)', DEBUG_DEVELOPER);
+    }
+
     $status = true;
 
     if(!is_dir($dir)) {
@@ -7290,10 +7294,14 @@ function check_dir_exists($dir, $create=false, $recursive=false) {
         } else {
             umask(0000);
             if ($recursive) {
-                // PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
+            /// PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
                 $dir = str_replace('\\', '/', $dir); //windows compatibility
-                $dirs = explode('/', $dir);
-                $dir = array_shift($dirs).'/'; //skip root or drive letter
+            /// We are going to make it recursive under $CFG->dataroot only
+            /// (will help sites running open_basedir security and others)
+                $dir = str_replace($CFG->dataroot . '/', '', $dir);
+                $dirs = explode('/', $dir); /// Extract path parts
+            /// Iterate over each part with start point $CFG->dataroot
+                $dir = $CFG->dataroot . '/';
                 foreach ($dirs as $part) {
                     if ($part == '') {
                         continue;