tobast
/
bizou
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Tar: do not assume `exec` yields a POSIX shell

This commit is contained in:
Théophile Bastian 2017-12-11 20:17:31 +01:00
parent 61e81e087e
commit d389f5dd46
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
plugins/_disabled/tar/tar.php
View File

@ -17,8 +17,10 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
# do not enable recursive tars by default
$TAR_FLAGS = "--no-recursion";
$TAR_BINARY = "/bin/tar";
# Add arbitrary parameters to tar
$TAR_FLAGS = "";
# send content length for browsers to display the progress bar
# note : won't work if the http server uses Chunked transfer encoding (http://en.wikipedia.org/wiki/Chunked_transfer_encoding)
@ -45,21 +47,24 @@ if ( ! is_dir($realDir) ) {
die("Directory Not Found");
}
# change to the parent directory
chdir(dirname($realDir));
function escapePath($path) {
# same as escapeshellarg function but this supports utf8 regardless of locale
return "'".str_replace("'", "'\\''", $path)."'";
}
$filesarg = basename($realDir);
# same as escapeshellarg function but this supports utf8 regardless of locale
$filesarg = "'".str_replace("'", "'\\''", $filesarg)."'";
$filesarg = "$filesarg/*";
$path = escapePath(realpath(dirname($realDir)));
$filesarg = escapePath(basename($realDir));
# compute and send content-length header
if ($SEND_CONTENT_LENGTH) {
$out = exec("tar $TAR_FLAGS --totals -cf /dev/null $filesarg 2>&1", $output, $ret);
$out = exec("$TAR_BINARY $TAR_FLAGS --totals -cf /dev/null "
. "-C $path $filesarg 2>&1",
$output, $ret);
preg_match('/^Total bytes written: ([0-9]+) /', $out, $matches);
$totalsize = $matches[1];
($totalsize > 1000 and $ret === 0) or die("Could not tar: $filesarg. Try checking permissions.");
($totalsize > 1000 and $ret === 0)
or die("Could not tar: $filesarg. Try checking permissions.");
header("Content-Length: $totalsize");
}
@ -68,6 +73,6 @@ if ($SEND_CONTENT_LENGTH) {
header('Content-Type: application/x-tar');
header('Content-Disposition: attachment; filename="'.basename($realDir).'.tar"');
passthru("tar $TAR_FLAGS -c $filesarg");
passthru("$TAR_BINARY $TAR_FLAGS -C $path -c $filesarg");
?>