tobast/bizou
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Tar: do not assume exec yields a POSIX shell

Browse source
This commit is contained in:
Théophile Bastian 2017-12-11 20:17:31 +01:00
parent 61e81e087e
commit d389f5dd46
1 changed files with 16 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
plugins/_disabled/tar/tar.php
View file

@ -17,8 +17,10 @@
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
# do not enable recursive tars by default $TAR_BINARY = "/bin/tar";
$TAR_FLAGS = "--no-recursion";
# Add arbitrary parameters to tar
$TAR_FLAGS = "";
# send content length for browsers to display the progress bar # send content length for browsers to display the progress bar
# note : won't work if the http server uses Chunked transfer encoding (http://en.wikipedia.org/wiki/Chunked_transfer_encoding) # note : won't work if the http server uses Chunked transfer encoding (http://en.wikipedia.org/wiki/Chunked_transfer_encoding)
@ -45,21 +47,24 @@ if ( ! is_dir($realDir) ) {
die("Directory Not Found"); die("Directory Not Found");
} }
# change to the parent directory function escapePath($path) {
chdir(dirname($realDir)); # same as escapeshellarg function but this supports utf8 regardless of locale
return "'".str_replace("'", "'\\''", $path)."'";
}
$filesarg = basename($realDir); $path = escapePath(realpath(dirname($realDir)));
# same as escapeshellarg function but this supports utf8 regardless of locale $filesarg = escapePath(basename($realDir));
$filesarg = "'".str_replace("'", "'\\''", $filesarg)."'";
$filesarg = "$filesarg/*";
# compute and send content-length header # compute and send content-length header
if ($SEND_CONTENT_LENGTH) { if ($SEND_CONTENT_LENGTH) {
$out = exec("tar $TAR_FLAGS --totals -cf /dev/null $filesarg 2>&1", $output, $ret); $out = exec("$TAR_BINARY $TAR_FLAGS --totals -cf /dev/null "
. "-C $path $filesarg 2>&1",
$output, $ret);
preg_match('/^Total bytes written: ([0-9]+) /', $out, $matches); preg_match('/^Total bytes written: ([0-9]+) /', $out, $matches);
$totalsize = $matches[1]; $totalsize = $matches[1];
($totalsize > 1000 and $ret === 0) or die("Could not tar: $filesarg. Try checking permissions."); ($totalsize > 1000 and $ret === 0)
or die("Could not tar: $filesarg. Try checking permissions.");
header("Content-Length: $totalsize"); header("Content-Length: $totalsize");
} }
@ -68,6 +73,6 @@ if ($SEND_CONTENT_LENGTH) {
header('Content-Type: application/x-tar'); header('Content-Type: application/x-tar');
header('Content-Disposition: attachment; filename="'.basename($realDir).'.tar"'); header('Content-Disposition: attachment; filename="'.basename($realDir).'.tar"');
passthru("tar $TAR_FLAGS -c $filesarg"); passthru("$TAR_BINARY $TAR_FLAGS -C $path -c $filesarg");
?> ?>