
[DCOM-293] Fix security misconfiguration vulnerability allowing local remote arbitrary code execution.

Benjamin Eberlei 2015-08-31 13:57:29 +02:00
parent 89eed31e79
commit 6366d190d7
6 changed files with 11 additions and 7 deletions


@ -61,7 +61,7 @@ class FileLockRegion implements ConcurrentRegion
*/
public function __construct(Region $region, $directory, $lockLifetime)
{
if ( ! is_dir($directory) && ! @mkdir($directory, 0777, true)) {
if ( ! is_dir($directory) && ! @mkdir($directory, 0775, true)) {
throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $directory));
}
@ -242,6 +242,7 @@ class FileLockRegion implements ConcurrentRegion
if ( ! @file_put_contents($filename, $lock->value, LOCK_EX)) {
return null;
}
chmod($filename, 0664);
return $lock;
}
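Review bot: The lock file narrowed by `chmod($filename, 0664)` is still created with whatever mode the process umask allows, so under a permissive umask it is briefly writable by other local users between the write and the `chmod`. The `chmod` result is also ignored: a failure (for example on a file owned by another account) raises a warning that the neighbouring `@`-prefixed calls would have suppressed, and the method still reaches `return $lock;` as if the mode had been applied. I would check the result, e.g. `if ( ! @chmod($filename, 0664)) { /* log or treat as a failed lock */ }`, and add a comment such as `// mode is an upper bound; the umask may restrict it further`. The method starts outside this hunk, so the right failure path needs confirming against the full function.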


@ -137,7 +137,7 @@ EOT
// Process destination directory
if ( ! is_dir($destPath = $input->getArgument('dest-path'))) {
mkdir($destPath, 0777, true);
mkdir($destPath, 0775, true);
}
$destPath = realpath($destPath);
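Review bot: The tighter mode only takes effect when `mkdir()` actually creates the directory, so a destination that an earlier run created with `0777` passes the `is_dir()` test and stays world-writable after upgrading. The same holds for every `mkdir(..., 0775, true)` in this commit: the FileLockRegion constructor above and the command, generator and exporter hunks below. The upgrade notes should tell operators to audit the modes of existing cache and output directories. Separately, the `mkdir` return value is ignored here and in the next command, so a failed create leaves `realpath($destPath)` returning `false`; testing it as the FileLockRegion constructor does, `if ( ! is_dir($destPath) && ! mkdir($destPath, 0775, true)) {`, followed by a throw, would surface the failure.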


@ -79,7 +79,7 @@ EOT
}
if ( ! is_dir($destPath)) {
mkdir($destPath, 0777, true);
mkdir($destPath, 0775, true);
}
$destPath = realpath($destPath);


@ -364,7 +364,7 @@ public function __construct(<params>)
$dir = dirname($path);
if ( ! is_dir($dir)) {
mkdir($dir, 0777, true);
mkdir($dir, 0775, true);
}
$this->isNew = !file_exists($path) || (file_exists($path) && $this->regenerateEntityIfExists);
@ -389,6 +389,7 @@ public function __construct(<params>)
} elseif ( ! $this->isNew && $this->updateEntityIfExists) {
file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path));
}
chmod($path, 0664);
}
/**
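Review bot: `chmod($path, 0664)` sits after the if/elseif, so it also runs when neither branch wrote anything, i.e. when the file already exists and `updateEntityIfExists` is off (assuming the branch above the hunk is the `isNew` write). In that case the generator changes the mode of a file it did not touch, which can widen a file an operator had deliberately set to `0644` or `0600`, or raise a warning if the file belongs to another user. Moving the call into the branches that actually call `file_put_contents` keeps the mode change tied to files this method wrote. The first branch of the conditional is outside the hunk.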


@ -147,11 +147,12 @@ class <className> extends <repositoryName>
$dir = dirname($path);
if ( ! is_dir($dir)) {
mkdir($dir, 0777, true);
mkdir($dir, 0775, true);
}
if ( ! file_exists($path)) {
file_put_contents($path, $code);
chmod($path, 0664);
}
}
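Review bot: `0664` leaves the generated repository class writable by every member of the file's group, so the exposure is narrowed from any local user to any group member rather than to the owner alone. Generated PHP source is only read at runtime, so `0644` may be enough unless a shared group has to regenerate it; that intent is not visible in this hunk. If group write is deliberate, a comment at the call such as `// group-writable by design, see DCOM-293` would record it, and the same applies to the other `chmod(..., 0664)` calls in this commit.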


@ -130,7 +130,7 @@ abstract class AbstractExporter
public function export()
{
if ( ! is_dir($this->_outputDir)) {
mkdir($this->_outputDir, 0777, true);
mkdir($this->_outputDir, 0775, true);
}
foreach ($this->_metadata as $metadata) {
@ -139,12 +139,13 @@ abstract class AbstractExporter
$path = $this->_generateOutputPath($metadata);
$dir = dirname($path);
if ( ! is_dir($dir)) {
mkdir($dir, 0777, true);
mkdir($dir, 0775, true);
}
if (file_exists($path) && !$this->_overwriteExistingFiles) {
throw ExportException::attemptOverwriteExistingFile($path);
}
file_put_contents($path, $output);
chmod($path, 0664);
}
}
}
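Review bot: `file_put_contents($path, $output)` is not checked before the new `chmod($path, 0664)`, so a failed write produces a second warning from `chmod` on a missing file (or re-modes a stale one) and the export loop carries on as if the file had been written. Checking the write first makes the failure explicit: `if (false === file_put_contents($path, $output)) { throw new \RuntimeException(sprintf('Could not write "%s".', $path)); }`. The exception type is a placeholder; ExportException may offer a more fitting factory outside this view.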