Skip to content

Commit 6c96590

Browse files
kprovancekprovance
authored
Merge pull request #3972 from cezarpopa-cognita/master
Enable additional safeguards against read-only filesystems
2 parents d10bf72 + b5598f7 commit 6c96590

File tree

1 file changed

+10
-6
lines changed

1 file changed

+10
-6
lines changed

redux-core/inc/classes/class-redux-filesystem.php

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -532,7 +532,7 @@ public function put_contents( string $abs_path, string $contents, string $perms
532532

533533
// phpcs:ignore WordPress.PHP.NoSilencedErrors
534534
// @codingStandardsIgnoreStart
535-
$return = @file_put_contents( $abs_path, $contents );
535+
$return = is_writable( $abs_path ) ? @file_put_contents( $abs_path, $contents ) : false;
536536
// @codingStandardsIgnoreEnd
537537
$this->chmod( $abs_path );
538538

@@ -542,7 +542,8 @@ public function put_contents( string $abs_path, string $contents, string $perms
542542

543543
if ( ! $return && $this->use_filesystem ) {
544544
$abs_path = $this->get_sanitized_path( $abs_path );
545-
$return = $this->wp_filesystem->put_contents( $abs_path, $contents, $perms );
545+
// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writable
546+
$return = is_writable( $abs_path ) && $this->wp_filesystem->put_contents( $abs_path, $contents, $perms );
546547
}
547548

548549
return (bool) $return;
@@ -805,7 +806,8 @@ public function mkdir( string $abs_path, int $perms = null ): bool {
805806
}
806807

807808
try {
808-
$mkdirp = wp_mkdir_p( $abs_path );
809+
// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writable
810+
$mkdirp = is_writable( $abs_path ) && wp_mkdir_p( $abs_path );
809811
} catch ( Exception $e ) {
810812
$mkdirp = false;
811813
}
@@ -816,8 +818,9 @@ public function mkdir( string $abs_path, int $perms = null ): bool {
816818

817819
return true;
818820
}
819-
// phpcs:ignore WordPress.PHP.NoSilencedErrors, WordPress.WP.AlternativeFunctions
820-
$return = @mkdir( $abs_path, $perms, true );
821+
822+
// phpcs:ignore WordPress.PHP.NoSilencedErrors, WordPress.WP.AlternativeFunctions, WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writable
823+
$return = is_writable( $abs_path ) && @mkdir( $abs_path, $perms, true );
821824

822825
if ( ! $return && $this->use_filesystem ) {
823826
$abs_path = $this->get_sanitized_path( $abs_path );
@@ -840,7 +843,8 @@ public function mkdir( string $abs_path, int $perms = null ): bool {
840843

841844
foreach ( $dirs as $dir ) {
842845
$current_dir .= '/' . $dir;
843-
if ( ! $this->is_dir( $current_dir ) ) {
846+
// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writable
847+
if ( ! $this->is_dir( $current_dir ) && is_writable( $current_dir )) {
844848
$this->wp_filesystem->mkdir( $current_dir, $perms );
845849
}
846850
}

0 commit comments

Comments
 (0)