
[DCOM-293] Fix security misconfiguration vulnerability allowing local remote arbitrary code execution.

Benjamin Eberlei 2015-08-31 13:57:29 +02:00
parent 89eed31e79
commit 6366d190d7
6 changed files with 11 additions and 7 deletions


@ -61,7 +61,7 @@ class FileLockRegion implements ConcurrentRegion
*/ */
public function __construct(Region $region, $directory, $lockLifetime) public function __construct(Region $region, $directory, $lockLifetime)
{ {
if ( ! is_dir($directory) && ! @mkdir($directory, 0777, true)) { if ( ! is_dir($directory) && ! @mkdir($directory, 0775, true)) {
throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $directory)); throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $directory));
} }
@ -242,6 +242,7 @@ class FileLockRegion implements ConcurrentRegion
if ( ! @file_put_contents($filename, $lock->value, LOCK_EX)) { if ( ! @file_put_contents($filename, $lock->value, LOCK_EX)) {
return null; return null;
} }
chmod($filename, 0664);
return $lock; return $lock;
} }
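Review bot: The added `chmod($filename, 0664)` in the second hunk forces a fixed mode onto the lock file, so under a stricter process umask (0077, say) it widens access to group-write and world-read rather than narrowing it. Deriving the mode from the umask keeps the operator's setting: `chmod($filename, 0664 & ~umask());`. The return value is also ignored, and unlike the `@mkdir` and `@file_put_contents` calls in this class the call is unguarded, so a failure (for instance on a file owned by another user) surfaces only as a PHP warning while the lock is still returned. The later sections that add `chmod($path, 0664)` after `file_put_contents` share both points. The enclosing method starts outside the hunk.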


@ -137,7 +137,7 @@ EOT
// Process destination directory // Process destination directory
if ( ! is_dir($destPath = $input->getArgument('dest-path'))) { if ( ! is_dir($destPath = $input->getArgument('dest-path'))) {
mkdir($destPath, 0777, true); mkdir($destPath, 0775, true);
} }
$destPath = realpath($destPath); $destPath = realpath($destPath);
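Review bot: The result of `mkdir($destPath, 0775, true)` is still not checked, so when creation fails the following `realpath($destPath)` returns `false` and the command continues with that value. What happens to it afterwards lies outside the hunk. The lock-region constructor in the first section already fails closed here, and the same guard fits: `if ( ! mkdir($destPath, 0775, true)) { throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $destPath)); }`. The next section's `mkdir($destPath, 0775, true)` has the same gap.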


@ -79,7 +79,7 @@ EOT
} }
if ( ! is_dir($destPath)) { if ( ! is_dir($destPath)) {
mkdir($destPath, 0777, true); mkdir($destPath, 0775, true);
} }
$destPath = realpath($destPath); $destPath = realpath($destPath);


@ -364,7 +364,7 @@ public function __construct(<params>)
$dir = dirname($path); $dir = dirname($path);
if ( ! is_dir($dir)) { if ( ! is_dir($dir)) {
mkdir($dir, 0777, true); mkdir($dir, 0775, true);
} }
$this->isNew = !file_exists($path) || (file_exists($path) && $this->regenerateEntityIfExists); $this->isNew = !file_exists($path) || (file_exists($path) && $this->regenerateEntityIfExists);
@ -389,6 +389,7 @@ public function __construct(<params>)
} elseif ( ! $this->isNew && $this->updateEntityIfExists) { } elseif ( ! $this->isNew && $this->updateEntityIfExists) {
file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path)); file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path));
} }
chmod($path, 0664);
} }
/** /**
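Review bot: In the second hunk `chmod($path, 0664);` sits after the closing brace of the `elseif`, so it also runs when no branch wrote the file, e.g. an existing entity with `updateEntityIfExists` off. That resets the mode of a file the generator did not touch, which can loosen permissions an operator had tightened, and emits a warning if the file belongs to another user. Placing `chmod($path, 0664);` directly after each `file_put_contents(...)` call would limit it to files this run created or rewrote, as the `if ( ! file_exists($path))` block in the repository-generator section does. The start of the `if` chain and of the method are outside the hunk, so the first branch is inferred.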


@ -147,11 +147,12 @@ class <className> extends <repositoryName>
$dir = dirname($path); $dir = dirname($path);
if ( ! is_dir($dir)) { if ( ! is_dir($dir)) {
mkdir($dir, 0777, true); mkdir($dir, 0775, true);
} }
if ( ! file_exists($path)) { if ( ! file_exists($path)) {
file_put_contents($path, $code); file_put_contents($path, $code);
chmod($path, 0664);
} }
} }


@ -130,7 +130,7 @@ abstract class AbstractExporter
public function export() public function export()
{ {
if ( ! is_dir($this->_outputDir)) { if ( ! is_dir($this->_outputDir)) {
mkdir($this->_outputDir, 0777, true); mkdir($this->_outputDir, 0775, true);
} }
foreach ($this->_metadata as $metadata) { foreach ($this->_metadata as $metadata) {
@ -139,12 +139,13 @@ abstract class AbstractExporter
$path = $this->_generateOutputPath($metadata); $path = $this->_generateOutputPath($metadata);
$dir = dirname($path); $dir = dirname($path);
if ( ! is_dir($dir)) { if ( ! is_dir($dir)) {
mkdir($dir, 0777, true); mkdir($dir, 0775, true);
} }
if (file_exists($path) && !$this->_overwriteExistingFiles) { if (file_exists($path) && !$this->_overwriteExistingFiles) {
throw ExportException::attemptOverwriteExistingFile($path); throw ExportException::attemptOverwriteExistingFile($path);
} }
file_put_contents($path, $output); file_put_contents($path, $output);
chmod($path, 0664);
} }
} }
} }
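Review bot: Both `mkdir(..., 0775, true)` calls in `export()` run only when `is_dir()` is false, so an output directory that an earlier version created with 0777 keeps that mode after upgrading. The change protects newly created directories only, and nothing in the code says so. A comment above the first call would make the limit visible: `// Only newly created directories get 0775; existing ones keep their mode and must be tightened by the operator.` The same holds for every `mkdir` changed in the sections above, so a release note telling operators to audit existing cache, proxy and export directories would close the gap.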