Merge pull request #975 from virtualtam/robustness

Improve robustness for zlib and file operations
2017-09-30 10:56:56 +02:00 · 2017-09-30 10:56:56 +02:00 · 7c670b39a2
parent a59bbf50d7 8c322aaba1
commit 7c670b39a2
3 changed files with 20 additions and 12 deletions
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@ -168,14 +168,15 @@ class ApplicationUtils
    public static function checkResourcePermissions($conf)
    {
        $errors = array();
+        $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');

        // Check script and template directories are readable
        foreach (array(
            'application',
            'inc',
            'plugins',
-            $conf->get('resource.raintpl_tpl'),
-            $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+            $rainTplDir,
+            $rainTplDir.'/'.$conf->get('resource.theme'),
        ) as $path) {
            if (! is_readable(realpath($path))) {
                $errors[] = '"'.$path.'" directory is not readable';
--- a/application/FileUtils.php
+++ b/application/FileUtils.php
@ -50,7 +50,8 @@ class FileUtils

    /**
     * Read data from a file containing Shaarli database format content.
-     * If the file isn't readable or doesn't exists, default data will be returned.
+     *
+     * If the file isn't readable or doesn't exist, default data will be returned.
     *
     * @param string $file    File path.
     * @param mixed  $default The default value to return if the file isn't readable.
@ -61,16 +62,21 @@ class FileUtils
    {
        // Note that gzinflate is faster than gzuncompress.
        // See: http://www.php.net/manual/en/function.gzdeflate.php#96439
-        if (is_readable($file)) {
-            return unserialize(
-                gzinflate(
-                    base64_decode(
-                        substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
-                    )
-                )
-            );
+        if (! is_readable($file)) {
+            return $default;
        }

-        return $default;
+        $data = file_get_contents($file);
+        if ($data == '') {
+            return $default;
+        }
+
+        return unserialize(
+            gzinflate(
+                base64_decode(
+                    substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
+                )
+            )
+        );
    }
 }
--- a/application/ThemeUtils.php
+++ b/application/ThemeUtils.php
@ -22,6 +22,7 @@ class ThemeUtils
     */
    public static function getThemes($tplDir)
    {
+        $tplDir = rtrim($tplDir, '/');
        $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
        $themes = [];
        foreach ($allTheme as $value) {