From b59292ca571b77ab214852a2e70f4b040cfe636a Mon Sep 17 00:00:00 2001
From: Max Klaversma
Date: Fri, 24 Jan 2014 18:50:47 +0100
Subject: [PATCH] Added check for permissions in UpdateManager
---
 application/core/UpdateManager.php | 66 ++++++++++++++++++++++++------
 1 file changed, 53 insertions(+), 13 deletions(-)
diff --git a/application/core/UpdateManager.php b/application/core/UpdateManager.php
index 024625b5..c4f5b0e1 100644
--- a/application/core/UpdateManager.php
+++ b/application/core/UpdateManager.php
@@ -210,22 +210,62 @@ class UpdateManager implements CallbackListener, CommandListener {
 $this->maniaControl->chat->sendError('Update is currently not possible!', $player->login);
 return;
 }
- $this->maniaControl->chat->sendInformation("Starting Update to Version v{$updateData->version}...", $player->login);
- $this->maniaControl->log("Starting Update to Version v{$updateData->version}...");
- $performBackup = $this->maniaControl->settingManager->getSetting($this, self::SETTING_PERFORM_BACKUPS);
- if($performBackup && !$this->performBackup()) {
- $this->maniaControl->chat->sendError('Creating backup failed.', $player->login);
- $this->maniaControl->log("Creating backup failed.");
- }
- if(!$this->performCoreUpdate($updateData)) {
- $this->maniaControl->chat->sendError('Update failed!', $player->login);
- return;
- }
- $this->maniaControl->chat->sendSuccess('Update finished!', $player->login);
- $this->maniaControl->restart();
+ if($this->checkPermissions($player)) {
+ $this->maniaControl->chat->sendInformation("Starting Update to Version v{$updateData->version}...", $player->login);
+ $this->maniaControl->log("Starting Update to Version v{$updateData->version}...");
+ $performBackup = $this->maniaControl->settingManager->getSetting($this, self::SETTING_PERFORM_BACKUPS);
+ if($performBackup && !$this->performBackup()) {
+ $this->maniaControl->chat->sendError('Creating backup failed.', $player->login);
+ $this->maniaControl->log("Creating backup failed.");
+ }
+ if(!$this->performCoreUpdate($updateData)) {
+ $this->maniaControl->chat->sendError('Update failed!', $player->login);
+ return;
+ }
+ $this->maniaControl->chat->sendSuccess('Update finished!', $player->login);
+
+ $this->maniaControl->restart();
+ }
 }
+ private function checkPermissions(Player $player) {
+ $writableDirectories = array('core/', 'plugins/');
+ $readableDirectories = array('configs/');
+ $ignore = array('.', '..');
+ $path = str_replace('core', '', realpath(dirname(__FILE__)));
+
+ try {
+ foreach($writableDirectories as $writableDirecotry) {
+ $files = scandir($path.$writableDirecotry);
+ foreach($files as $file) {
+ if(!in_array($file, $ignore)) {
+ if(!is_writable($path.$writableDirecotry.$file)) {
+ throw new \Exception('"'.$path.$writableDirecotry.$file.'" is not writable!');
+ }
+ }
+ }
+ }
+
+ foreach($readableDirectories as $readableDirectory) {
+ $files = scandir($path.$readableDirectory);
+ foreach($files as $file) {
+ if(!in_array($file, $ignore)) {
+ if(!is_readable($path.$readableDirectory.$file)) {
+ throw new \Exception('"'.$path.$readableDirectory.$file.'" is not readable!');
+ }
+ }
+ }
+ }
+ } catch(\Exception $e) {
+ $this->maniaControl->log('Cannot update: '.$e->getMessage());
+ $this->maniaControl->chat->sendError('Cannot update: '.$e->getMessage(), $player->login);
+ return false;
+ }
+
+ return true;
+ }
+
 /**
 * Check given Plugin Class for Update
 *
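Review bot: checkPermissions() fails open when a directory cannot be listed: `scandir()` returns false on error, the inner `foreach` then iterates nothing (PHP only raises a warning), and the method still reaches `return true`, so the update starts without any file having been checked. That case is easier to hit than it looks, because `str_replace('core', '', ...)` strips every occurrence of "core" from the install path rather than only the trailing directory, which corrupts `$path` whenever a parent folder name contains that string. I would derive the base with `$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR;` and add `if($files === false) { throw new \Exception('"'.$path.$writableDirecotry.'" cannot be listed!'); }` after each `scandir()` call (with `$readableDirectory` in the second loop). The loops also test only the direct entries and never the directories themselves, and the caught message puts the absolute server path into in-game chat through `sendError`; keeping the full path in `log()` and sending the player a shorter message would avoid that.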