Commit 8a9cfeb4 authored by catch's avatar catch
Browse files

Issue #2834525 by alexpott, kim.pepper, jummonk, joshua.roberson, Ruuds:... 

Issue #2834525 by alexpott, kim.pepper, jummonk, joshua.roberson, Ruuds: Permission denied caused by race condition during ensureDirectory should be silenced

(cherry picked from commit 16209df4)
parent 243e2910

composer/Plugin/VendorHardening/FileSecurity.php

+5 −3
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ class FileSecurity { 
   *   TRUE if the file already exists or was created. FALSE otherwise.

   */

  public static function writeHtaccess($directory, $deny_public_access = TRUE, $force = FALSE) {

    return self::writeFile($directory, '/.htaccess', self::htaccessLines($deny_public_access), $force);

    return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access), $force);

  }



  /**
@@ -112,7 +112,7 @@ protected static function denyPublicAccess() { 
   *   TRUE if the file already exists or was created. FALSE otherwise.

   */

  public static function writeWebConfig($directory, $force = FALSE) {

    return self::writeFile($directory, '/web.config', self::webConfigLines(), $force);

    return self::writeFile($directory, 'web.config', self::webConfigLines(), $force);

  }



  /**
@@ -154,7 +154,9 @@ protected static function writeFile($directory, $filename, $contents, $force) { 
    if (file_exists($file_path) && !$force) {

      return TRUE;

    }

    if (file_exists($directory) && is_writable($directory) && file_put_contents($file_path, $contents)) {

    // Try to write the file. This can fail if concurrent requests are both

    // trying to write a the same time.

    if (@file_put_contents($file_path, $contents)) {

      return @chmod($file_path, 0444);

    }

    return FALSE;

core/lib/Drupal/Component/FileSecurity/FileSecurity.php

+8 −3
Original line number Diff line number Diff line
@@ -26,7 +26,7 @@ class FileSecurity { 
   *   TRUE if the file already exists or was created. FALSE otherwise.

   */

  public static function writeHtaccess($directory, $deny_public_access = TRUE, $force = FALSE) {

    return self::writeFile($directory, '/.htaccess', self::htaccessLines($deny_public_access), $force);

    return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access), $force);

  }



  /**
@@ -110,7 +110,7 @@ protected static function denyPublicAccess() { 
   *   TRUE if the file already exists or was created. FALSE otherwise.

   */

  public static function writeWebConfig($directory, $force = FALSE) {

    return self::writeFile($directory, '/web.config', self::webConfigLines(), $force);

    return self::writeFile($directory, 'web.config', self::webConfigLines(), $force);

  }



  /**
@@ -152,7 +152,12 @@ protected static function writeFile($directory, $filename, $contents, $force) { 
    if (file_exists($file_path) && !$force) {

      return TRUE;

    }

    if (file_exists($directory) && is_writable($directory) && file_put_contents($file_path, $contents)) {

    // Writing the file can fail if:

    // - concurrent requests are both trying to write at the same time.

    // - $directory does not exist or is not writable.

    // Testing for these conditions introduces windows for concurrency issues to

    // occur.

    if (@file_put_contents($file_path, $contents)) {

      return @chmod($file_path, 0444);

    }

    return FALSE;