From 54e185d989d6dceb8aabc45554a08dd087e0f5eb Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Tue, 20 Jul 2004 12:30:15 +0000
Subject: [PATCH] =?UTF-8?q?renforcement=20de=20s=C3=A9curit=C3=A9=20dans?=
 =?UTF-8?q?=20les=20caches?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 inc-cache.php3 | 13 +++++++++----
 inc-dir.php3   | 12 ++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/inc-cache.php3 b/inc-cache.php3
index 7a973fce6a..946457e0a6 100644
--- a/inc-cache.php3
+++ b/inc-cache.php3
@@ -62,6 +62,7 @@ function ramener_squelette($squelette)
 		{
 		  spip_log("Squelette $squelette:\t($nom) chargé");
 		  flock($lock, LOCK_UN);
+		  fclose($lock);
 		  return $nom;
 		}
 	    }
@@ -78,7 +79,8 @@ function ramener_squelette($squelette)
     }
   if (!$r)
     {
-      if ($lock) flock($lock, LOCK_UN);
+      if ($lock) 
+	{ flock($lock, LOCK_UN); fclose($lock);}
       include_ecrire ("inc_presentation.php3");
       install_debut_html(_T('info_erreur_systeme'));
       echo $sourcefile, _L(' squelette illisible');
@@ -97,6 +99,7 @@ function ramener_squelette($squelette)
   fwrite($f,'?'.'>');
   fclose($f);
   flock($lock, LOCK_UN);
+  fclose($lock);
   spip_log("Squelette $squelette: ($nom)"  . strlen($r) . " octets, $timer ms");
   eval($r); # + rapide qu'un include puisqu'on l'a
   return $nom;
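Review bot: The added `fclose($lock);` after the cache write runs unconditionally, while the failure branch changed earlier in ramener_squelette tests `if ($lock)` before touching the handle. If opening the lock file can fail (the guard suggests it can), this path passes `false` to both `flock()` and `fclose()` and only emits warnings. Guarding it the same way, `if ($lock) { flock($lock, LOCK_UN); fclose($lock); }`, would keep the paths consistent; the same applies to the unguarded `fclose($lock);` in the first hunk. The function body starts and ends outside this hunk, so the state of `$lock` here is inferred.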
@@ -255,6 +258,7 @@ function ramener_cache($cle, $calcul, $contexte, &$fraicheur)
   if (!function_exists($calcul))
       {
 	flock($lock2, LOCK_UN);
+#      spip_log("libère verrou $cle (Compilateur absent)");
 	return(array('texte' => 'Compilateur absent'));
       }
   $page = $calcul($file, $contexte);
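Review bot: The "Compilateur absent" early return in ramener_cache still unlocks `$lock2` without closing it, although this commit adds an explicit `fclose()` after every unlock in ramener_squelette. Adding `fclose($lock2);` after `flock($lock2, LOCK_UN);` would make the two functions consistent and would not leave the release to handle cleanup on return. The only line this hunk adds is a commented-out `spip_log` call (another follows in the next hunk). Either enable it, so that lock releases are traceable in the log, or drop it. The function body extends beyond the hunk.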
@@ -263,11 +267,12 @@ function ramener_cache($cle, $calcul, $contexte, &$fraicheur)
   if (!$n)
     {
       flock($lock2, LOCK_UN);
+#      spip_log("libère verrou $cle (Page vide)");
       @unlink($file);
     }
   else
     {
-      spip_log("Ecriture ($cle): $n octets (validité: $fraicheur sec.)");
+      spip_log("libère verrou $cle ($n octets, $fraicheur sec de validité.)");
       fseek($lock2,0);
       fwrite($lock2, "<!-- $fraicheur\t" . 
 	     $page['process_ins'] .
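Review bot: The reworded message `libère verrou $cle (...)` is logged before the `fseek`/`fwrite` on `$lock2`, so the log announces a lock release while the lock is still held and the page has not been written. Anyone reconstructing cache activity from the log would read the order wrongly. The message also no longer says that a write took place. Moving the `spip_log(...)` call to just after the real `flock($lock2, LOCK_UN)`, or keeping a write-oriented wording here, would keep the log accurate. The unlock for this branch is outside the hunk, so its exact position is assumed.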
@@ -405,9 +410,9 @@ function retire_caches($caches)
     {
       $dir = dir_var();
       foreach ($caches as $path)
-	{ if ((strpos($path, $dir) === 0) && (strpos($path, '../') === false))
+	{ if (is_cache($path, $dir))
 	    @unlink($GLOBALS['flag_ecrire'] ? ('../' . $path) : $path);
-	  else die("PIRATE");
+	  else die(_T('info_acces_refuse') . ": $path");
 	}
     }
 }
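Review bot: The new refusal message in the `else` branch of retire_caches sends `$path` to the response unescaped through `die()`. This branch runs exactly when the path failed validation, so the value should be treated as untrusted and encoded for HTML, for example `else die(_T('info_acces_refuse') . ': ' . htmlspecialchars($path));`. Recording the rejected path with `spip_log()` before terminating would also leave a trace for whoever investigates the attempt. Note that `die()` on the first refused entry abandons the rest of `$caches`.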
diff --git a/inc-dir.php3 b/inc-dir.php3
index fe10edd996..6df980d313 100644
--- a/inc-dir.php3
+++ b/inc-dir.php3
@@ -101,4 +101,16 @@ function dir_of_file_cache($cle, $delai)
   return subdir_cache($hache[16],$delai);
 }
 
+# teste si son argument est un ficher du re'pertoire de cache
+
+function is_cache($path, $dir)
+{
+  $n = strlen($dir);
+  return
+    ((strpos($path, $dir) === 0) && 
+     (strpos("abcdef0123456789", $path[$n])) &&
+     ($path[$n+1] == '/') &&
+     (strpos($path, '../') === false) );
+}
+
 ?>
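Review bot: In is_cache the test `(strpos("abcdef0123456789", $path[$n]))` is used as a boolean, but `strpos` returns 0 for `'a'`, so every path under the `a/` cache subdirectory is rejected. Because retire_caches calls `die()` on a rejected path, one such entry stops the whole purge. Compare explicitly with `(strpos("abcdef0123456789", $path[$n]) !== false) &&`. Also add `(strlen($path) > $n + 1) &&` before the two index accesses, so that a `$path` equal to `$dir` does not read past the end of the string. The header comment has two typos ("ficher", "re'pertoire") and could state that only the first path component after `$dir` is checked, with the rest relying on the `'../'` test.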
-- 
GitLab