Upload behaviour: msg#00133 web.wiki.pmwiki.user
Hi,

the function move_uploaded_file() causes the saved attachment to keep the apache mask, which is 600 nobody.nogroup by default. That means "read and write for nobody" (in two ways). That way an admin (not root) can't remove/move the files. Just think of moving PmWiki to another directory.

copy() -> unlink() does the job well and creates the file with the desired umask.

scripts/upload.php (131-132)
=======
if (!copy($uploadfile['tmp_name'],$filepath)) {
  Abort("?cannot move uploaded file to $filepath");
  return;
}
unlink($uploadfile['tmp_name']);
=======

Unfortunately this small patch does NOT apply to files which do already exist, even when they get overwritten. They keep their umask. :(

PmWiki is great. Good Job.

Gr33tZ
Ruediger

--
I love it when a plan comes together.
Hannibal Smith
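
The overwrite case mentioned at the end of the message, as an added example that is not part of the original post or of PmWiki's code: it sets the file mode explicitly and replaces the target with rename(), so an attachment that already exists also ends up with the intended mode. The function name store_upload() and the 0644 default are assumptions.

```php
<?php
// Added example; store_upload() and the 0644 default are assumptions, not PmWiki code.
function store_upload(string $tmpName, string $filepath, int $mode = 0644): bool
{
    // copy() does not verify its source the way move_uploaded_file() does,
    // so confirm this really is a file PHP received via HTTP POST.
    if (!is_uploaded_file($tmpName)) {
        return false;
    }

    // Stage inside the destination directory so the final rename() stays on
    // one filesystem and replaces the target in a single step.
    $staging = tempnam(dirname($filepath), '.upload-');
    if ($staging === false) {
        return false;
    }

    // tempnam() creates the staging file with mode 0600, and copy() into an
    // existing file keeps that file's mode, so set the mode explicitly
    // instead of relying on the process umask.
    if (!copy($tmpName, $staging) || !chmod($staging, $mode)) {
        @unlink($staging);
        return false;
    }

    // rename() swaps the new file in place of any existing attachment, so an
    // overwritten file gets the new mode rather than keeping its old one.
    if (!rename($staging, $filepath)) {
        @unlink($staging);
        return false;
    }

    unlink($tmpName);
    return true;
}

// Usage with the variable names from the snippet in the message:
// if (!store_upload($uploadfile['tmp_name'], $filepath)) {
//     Abort("?cannot move uploaded file to $filepath");
//     return;
// }
```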