From c174229d641a7a7c8c80893a98b237735f33c5a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur <eldy@users.sourceforge.net> Date: Wed, 10 Feb 2010 18:04:03 +0000 Subject: [PATCH] Fix: Pb with config file backup --- htdocs/install/etape1.php | 4 +++- htdocs/lib/files.lib.php | 10 ++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index 419852f01b4..97ea932e78a 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -208,7 +208,9 @@ if ($_POST["action"] == "set") // Save old conf file on disk if (file_exists("$conffile")) { - @dol_copy($conffile, $conffile.'.old'); // We must ignore errors as an existing old file may alreday exists and not be replacable + // We must ignore errors as an existing old file may alreday exists and not be replacable + // Also no other process must be able to read file or we expose the new file so content with password. + @dol_copy($conffile, $conffile.'.old', '0400'); } $error+=write_conf_file($conffile); diff --git a/htdocs/lib/files.lib.php b/htdocs/lib/files.lib.php index 6be72cdf00d..caa7e9f7c1f 100644 --- a/htdocs/lib/files.lib.php +++ b/htdocs/lib/files.lib.php @@ -304,11 +304,17 @@ function dol_is_file($pathoffile) /** * Copy a file to another file + * @param $srcfile Source file + * @param $destfile Destination file + * @param $newmask Mask for new file * @return boolean True if OK, false if KO */ -function dol_copy($srcfile, $destfile) +function dol_copy($srcfile, $destfile, $newmask) { - return @copy($srcfile, $destfile); + dol_syslog("files.lib.php::dol_copy srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask); + $result=@copy($srcfile, $destfile); + @chmod($file, octdec($newmask)); // File must not be readable by any others + return $result; } ?> -- GitLab