Commit 2a0e3264 authored by Dries's avatar Dries

- Patch #942690 by effulgentsia: security harden stream wrappers by defaulting them as remote.

parent c7e9857d
......@@ -90,12 +90,37 @@
*
* A stream is referenced as "scheme://target".
*
* The optional $filter parameter can be used to retrieve only the stream
* wrappers that are appropriate for particular usage. For example, this returns
* only stream wrappers that use local file storage:
* @code
* $local_stream_wrappers = file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL);
* @endcode
*
* The $filter parameter can only filter to types containing a particular flag.
* In some cases, you may want to filter to types that do not contain a
* particular flag. For example, you may want to retrieve all stream wrappers
* that are not writable, or all stream wrappers that are not local. PHP's
* array_diff_key() function can be used to help with this. For example, this
* returns only stream wrappers that do not use local file storage:
* @code
* $remote_stream_wrappers = array_diff_key(file_get_stream_wrappers(STREAM_WRAPPERS_ALL), file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL));
* @endcode
*
* @param $filter
* Optionally filter out all types except these. Defaults to
* STREAM_WRAPPERS_ALL, which returns all registered stream wrappers.
* (Optional) Filters out all types except those with an on bit for each on
* bit in $filter. For example, if $filter is STREAM_WRAPPERS_WRITE_VISIBLE,
* which is equal to (STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE |
* STREAM_WRAPPERS_VISIBLE), then only stream wrappers with all three of these
* bits set are returned. Defaults to STREAM_WRAPPERS_ALL, which returns all
* registered stream wrappers.
*
* @return
* Returns the entire Drupal stream wrapper registry.
* An array keyed by scheme, with values containing an array of information
* about the stream wrapper, as returned by hook_stream_wrappers(). If $filter
* is omitted or set to STREAM_WRAPPERS_ALL, the entire Drupal stream wrapper
* registry is returned. Otherwise only the stream wrappers whose 'type'
* bitmask has an on bit for each bit specified in $filter are returned.
*
* @see hook_stream_wrappers()
* @see hook_stream_wrappers_alter()
......@@ -122,11 +147,11 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) {
else {
$wrappers[$scheme]['override'] = FALSE;
}
if (($info['type'] & STREAM_WRAPPERS_REMOTE) == STREAM_WRAPPERS_REMOTE) {
stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL);
if (($info['type'] & STREAM_WRAPPERS_LOCAL) == STREAM_WRAPPERS_LOCAL) {
stream_wrapper_register($scheme, $info['class']);
}
else {
stream_wrapper_register($scheme, $info['class']);
stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL);
}
}
// Pre-populate the static cache with the filters most typically used.
......@@ -141,7 +166,7 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) {
$wrappers_storage[$filter] = array();
foreach ($wrappers_storage[STREAM_WRAPPERS_ALL] as $scheme => $info) {
// Bit-wise filter.
if ($info['type'] & $filter == $filter) {
if (($info['type'] & $filter) == $filter) {
$wrappers_storage[$filter][$scheme] = $info;
}
}
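Review bot: The two `@code` examples added to the file_get_stream_wrappers() docblock spell the constant `STEAM_WRAPPERS_LOCAL`, which does not match the `STREAM_WRAPPERS_LOCAL` flag that the registration branch further down tests before registering a wrapper without `STREAM_IS_URL`. Anyone copying the examples would reference an undefined constant and would not get the local/non-local split the text describes, which matters if the result is used to decide which schemes are treated as local. Both lines should read `file_get_stream_wrappers(STREAM_WRAPPERS_LOCAL)`. The docblock and the function body both continue outside the visible hunks.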
......
......@@ -22,6 +22,9 @@
/**
* Stream wrapper bit flags that are the basis for composite types.
*
* Note that 0x0002 is skipped, because it was the value of a constant that has
* since been removed.
*/
/**
......@@ -34,11 +37,6 @@
*/
define('STREAM_WRAPPERS_LOCAL', 0x0001);
/**
* Stream wrapper bit flag -- refers to a remote filesystem location.
*/
define('STREAM_WRAPPERS_REMOTE', 0x0002);
/**
* Stream wrapper bit flag -- wrapper is readable (almost always true).
*/
......@@ -64,6 +62,11 @@
*/
define('STREAM_WRAPPERS_HIDDEN', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE);
/**
* Stream wrapper type flag -- hidden, readable and writeable using local files.
*/
define('STREAM_WRAPPERS_LOCAL_HIDDEN', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_HIDDEN);
/**
* Stream wrapper type flag -- visible, readable and writeable.
*/
......@@ -74,10 +77,19 @@
*/
define('STREAM_WRAPPERS_READ_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_VISIBLE);
/**
* Stream wrapper type flag -- the default when 'type' is omitted from
* hook_stream_wrappers(). This does not include STREAM_WRAPPERS_LOCAL,
* because PHP grants a greater trust level to local files (for example, they
* can be used in an "include" statement, regardless of the "allow_url_include"
* setting), so stream wrappers need to explicitly opt-in to this.
*/
define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_WRITE_VISIBLE);
/**
* Stream wrapper type flag -- visible, readable and writeable using local files.
*/
define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_WRITE_VISIBLE);
define('STREAM_WRAPPERS_LOCAL_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_NORMAL);
/**
* Generic PHP stream wrapper interface.
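Review bot: The new docblock for `STREAM_WRAPPERS_NORMAL` explains why the local bit is no longer included, but it does not tell implementers what to do about it. The constant keeps its name while losing `STREAM_WRAPPERS_LOCAL`, so a wrapper that already declares `'type' => STREAM_WRAPPERS_NORMAL` for local storage would now take the `STREAM_IS_URL` branch in file_get_stream_wrappers(). That fails closed, which appears to be the intent, but it is a silent behaviour change for existing implementations. I would add a sentence such as `* Wrappers backed by local files must declare STREAM_WRAPPERS_LOCAL_NORMAL instead.` to that docblock, and an equivalent pointer from `STREAM_WRAPPERS_HIDDEN` to `STREAM_WRAPPERS_LOCAL_HIDDEN`.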
......
......@@ -2297,9 +2297,13 @@ function hook_modules_uninstalled($modules) {
* - 'class' A string specifying the PHP class that implements the
* DrupalStreamWrapperInterface interface.
* - 'description' A string with a short description of what the wrapper does.
* - 'type' A bitmask of flags indicating what type of streams this wrapper
* will access - local or remote, readable and/or writeable, etc. Many
* shortcut constants are defined in stream_wrappers.inc.
* - 'type' (Optional) A bitmask of flags indicating what type of streams this
* wrapper will access - local or remote, readable and/or writeable, etc.
* Many shortcut constants are defined in stream_wrappers.inc. Defaults to
* STREAM_WRAPPERS_NORMAL which includes all of these bit flags:
* - STREAM_WRAPPERS_READ
* - STREAM_WRAPPERS_WRITE
* - STREAM_WRAPPERS_VISIBLE
*
* @see file_get_stream_wrappers()
* @see hook_stream_wrappers_alter()
......@@ -2311,18 +2315,35 @@ function hook_stream_wrappers() {
'name' => t('Public files'),
'class' => 'DrupalPublicStreamWrapper',
'description' => t('Public local files served by the webserver.'),
'type' => STREAM_WRAPPERS_LOCAL_NORMAL,
),
'private' => array(
'name' => t('Private files'),
'class' => 'DrupalPrivateStreamWrapper',
'description' => t('Private local files served by Drupal.'),
'type' => STREAM_WRAPPERS_LOCAL_NORMAL,
),
'temp' => array(
'name' => t('Temporary files'),
'class' => 'DrupalTempStreamWrapper',
'description' => t('Temporary local files for upload and previews.'),
'type' => STREAM_WRAPPERS_HIDDEN,
)
'type' => STREAM_WRAPPERS_LOCAL_HIDDEN,
),
'cdn' => array(
'name' => t('Content delivery network files'),
'class' => 'MyModuleCDNStreamWrapper',
'description' => t('Files served by a content delivery network.'),
// 'type' can be omitted to use the default of STREAM_WRAPPERS_NORMAL
),
'youtube' => array(
'name' => t('YouTube video'),
'class' => 'MyModuleYouTubeStreamWrapper',
'description' => t('Video streamed from YouTube.'),
// A module implementing YouTube integration may decide to support using
// the YouTube API for uploading video, but here, we assume that this
// particular module only supports playing YouTube video.
'type' => STREAM_WRAPPERS_READ_VISIBLE,
),
);
}
......
......@@ -1545,12 +1545,13 @@ function system_stream_wrappers() {
'name' => t('Public files'),
'class' => 'DrupalPublicStreamWrapper',
'description' => t('Public local files served by the webserver.'),
'type' => STREAM_WRAPPERS_LOCAL_NORMAL,
),
'temporary' => array(
'name' => t('Temporary files'),
'class' => 'DrupalTemporaryStreamWrapper',
'description' => t('Temporary local files for upload and previews.'),
'type' => STREAM_WRAPPERS_HIDDEN,
'type' => STREAM_WRAPPERS_LOCAL_HIDDEN,
),
);
......@@ -1560,6 +1561,7 @@ function system_stream_wrappers() {
'name' => t('Private files'),
'class' => 'DrupalPrivateStreamWrapper',
'description' => t('Private local files served by Drupal.'),
'type' => STREAM_WRAPPERS_LOCAL_NORMAL,
);
}
......