Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2834525 by alexpott, kim.pepper, jummonk, joshua.roberson, Ruuds: Permission denied caused by race condition during ensureDirectory should be silenced

merge-requests/2/head
catch 2020-06-29 12:54:11 +01:00
parent 5ded531763
commit 16209df496
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
composer/Plugin/VendorHardening/FileSecurity.php
View File

@ -28,7 +28,7 @@ class FileSecurity {
* TRUE if the file already exists or was created. FALSE otherwise.
*/
public static function writeHtaccess($directory, $deny_public_access = TRUE, $force = FALSE) {
return self::writeFile($directory, '/.htaccess', self::htaccessLines($deny_public_access), $force);
return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access), $force);
}
/**
@ -112,7 +112,7 @@ EOF;
* TRUE if the file already exists or was created. FALSE otherwise.
*/
public static function writeWebConfig($directory, $force = FALSE) {
return self::writeFile($directory, '/web.config', self::webConfigLines(), $force);
return self::writeFile($directory, 'web.config', self::webConfigLines(), $force);
}
/**
@ -154,7 +154,9 @@ EOT;
if (file_exists($file_path) && !$force) {
return TRUE;
}
if (file_exists($directory) && is_writable($directory) && file_put_contents($file_path, $contents)) {
// Try to write the file. This can fail if concurrent requests are both
// trying to write a the same time.
if (@file_put_contents($file_path, $contents)) {
return @chmod($file_path, 0444);
}
return FALSE;

11
core/lib/Drupal/Component/FileSecurity/FileSecurity.php
View File

@ -26,7 +26,7 @@ class FileSecurity {
* TRUE if the file already exists or was created. FALSE otherwise.
*/
public static function writeHtaccess($directory, $deny_public_access = TRUE, $force = FALSE) {
return self::writeFile($directory, '/.htaccess', self::htaccessLines($deny_public_access), $force);
return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access), $force);
}
/**
@ -110,7 +110,7 @@ EOF;
* TRUE if the file already exists or was created. FALSE otherwise.
*/
public static function writeWebConfig($directory, $force = FALSE) {
return self::writeFile($directory, '/web.config', self::webConfigLines(), $force);
return self::writeFile($directory, 'web.config', self::webConfigLines(), $force);
}
/**
@ -152,7 +152,12 @@ EOT;
if (file_exists($file_path) && !$force) {
return TRUE;
}
if (file_exists($directory) && is_writable($directory) && file_put_contents($file_path, $contents)) {
// Writing the file can fail if:
// - concurrent requests are both trying to write at the same time.
// - $directory does not exist or is not writable.
// Testing for these conditions introduces windows for concurrency issues to
// occur.
if (@file_put_contents($file_path, $contents)) {
return @chmod($file_path, 0444);
}
return FALSE;