mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-15 02:33:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

Avoid race condition in users' homedir creation (#7000)

Browse Source
This commit is contained in:
Andriy Utkin
2024-11-18 09:57:50 +00:00
committed by GitHub
parent 5b9248f45f
commit 966f211202
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Controllers/userController.php
View File

@@ -229,6 +229,10 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
$ok = self::checkUsername($new_user_name);
$homeDir = join_path(DATA_PATH, 'users', $new_user_name);
// create basepath if missing
if (!is_dir(join_path(DATA_PATH, 'users'))) {
$ok &= mkdir(join_path(DATA_PATH, 'users'), 0770, true);
}
$configPath = '';
if ($ok) {
@@ -243,10 +247,12 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
$ok &= !file_exists($configPath);
}
if ($ok) {
if (!is_dir($homeDir)) {
mkdir($homeDir, 0770, true);
// $homeDir must not exist beforehand,
// otherwise it might be multiple remote parties racing to register one username
$ok = mkdir($homeDir, 0770, true);
if ($ok) {
$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
}
$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
}
if ($ok) {
$newUserDAO = FreshRSS_Factory::createUserDao($new_user_name);