In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details [ Jump to Notes ] [ Wiki ] [ Related Changesets ]

[ View Advanced ] [ Issue History ] [ Print ]

Tags

No tags attached.

Reference

https://groups.google.com/d/topic/in-portal-dev/pi4bweIypGs/discussion

Change Log Message

Created new restricted folder for logs

Estimate Points

Attached Files

restricted_folder_core.patch [^] (6,111 bytes) 2011-05-23 05:15 [Show Content]

Index: core/install.php
===================================================================
--- core/install.php	(revision 14318)
+++ core/install.php	(working copy)
@@ -99,6 +99,7 @@
 		 */
 		var $writeableFolders = Array (
 			'$1',
+			'$1/.restricted',
 			'$1/images',
 			'$1/images/pending',
 			'$1/images/emoticons', // for "In-Bulletin"
@@ -167,12 +168,17 @@
 				$this->writeableFolders[] = $this->toolkit->defaultWritablePath . '/config.php';
 			}
 
-			if (!$this->toolkit->getSystemConfig('Misc', 'WriteablePath')) {
+			if ( !$this->toolkit->getSystemConfig('Misc', 'WriteablePath') ) {
 				// set global writable folder when such setting is missing
 				$this->toolkit->setSystemConfig('Misc', 'WriteablePath', $this->toolkit->defaultWritablePath);
 				$this->toolkit->SaveConfig(true); // immediately save, because this path will be used in Application later
 			}
 
+			if ( !$this->toolkit->getSystemConfig('Misc', 'RestrictedPath') ) {
+				$this->toolkit->setSystemConfig('Misc', 'RestrictedPath', $this->toolkit->getSystemConfig('Misc', 'WriteablePath') . DIRECTORY_SEPARATOR . '.restricted');
+				$this->toolkit->SaveConfig(true);
+			}
+
 			$this->currentStep = $this->GetVar('step');
 
 			// can't check login on steps where no application present anyways :)
Index: core/kernel/application.php
===================================================================
--- core/kernel/application.php	(revision 14348)
+++ core/kernel/application.php	(working copy)
@@ -2755,7 +2755,7 @@
 	{
 		if (defined('SILENT_LOG') && SILENT_LOG) {
 			if ( !(defined('DBG_IGNORE_STRICT_ERRORS') && DBG_IGNORE_STRICT_ERRORS && defined('E_STRICT') && ($errno == E_STRICT)) ) {
-				$fp = fopen(FULL_PATH.'/silent_log.txt','a');
+				$fp = fopen((defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . '/silent_log.txt', 'a');
 				$time = adodb_date('d/m/Y H:i:s');
 				fwrite($fp, '['.$time.'] #'.$errno.': '.strip_tags($errstr).' in ['.$errfile.'] on line '.$errline."\n");
 				fclose($fp);
Index: core/kernel/session/session.php
===================================================================
--- core/kernel/session/session.php	(revision 14318)
+++ core/kernel/session/session.php	(working copy)
@@ -354,7 +354,7 @@
 
 		// delete debugger ouputs left of deleted sessions
 		foreach ($session_ids as $session_id) {
-			$debug_file = WRITEABLE . '/cache/debug_@' . $session_id . '@.txt';
+			$debug_file = (defined('RESTRICTED') ? RESTRICTED : WRITEABLE . '/cache') . '/debug_@' . $session_id . '@.txt';
 			if (file_exists($debug_file)) {
 				@unlink($debug_file);
  			}
Index: core/kernel/startup.php
===================================================================
--- core/kernel/startup.php	(revision 14323)
+++ core/kernel/startup.php	(working copy)
@@ -86,6 +86,10 @@
 		define('WRITEBALE_BASE', $vars['WriteablePath']);
 	}
 
+	if ( isset($vars['RestrictedPath']) ) {
+		define('RESTRICTED', FULL_PATH . $vars['RestrictedPath']);
+	}
+
 	if ($vars === false || count($vars) == 0) {
 		global $rootURL;
 		echo 'In-Portal is probably not installed, or configuration file is missing.<br>';
Index: core/kernel/utility/debugger.php
===================================================================
--- core/kernel/utility/debugger.php	(revision 14323)
+++ core/kernel/utility/debugger.php	(working copy)
@@ -331,7 +331,7 @@
 				$this->baseURL = PROTOCOL.SERVER_NAME.(defined('PORT') ? ':'.PORT : '').rtrim(BASE_PATH, '/').$kernel_path.'/utility/debugger';
 
 				// save debug output in this folder
-				$this->tempFolder = WRITEABLE . '/cache';
+				$this->tempFolder = defined('RESTRICTED') ? RESTRICTED : WRITEABLE . '/cache';
 			}
 
 			function mapLongError($msg)
Index: core/kernel/utility/http_query.php
===================================================================
--- core/kernel/utility/http_query.php	(revision 14325)
+++ core/kernel/utility/http_query.php	(working copy)
@@ -729,9 +729,11 @@
 
 	function writeRequestLog($filename)
 	{
-		$folder_path = dirname(FULL_PATH.'/'.$filename);
-		if (is_writable($folder_path)) {
-			$fp = fopen(FULL_PATH.'/'.$filename, 'a');
+		$log_file = (defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . '/' . $filename;
+
+		if ( is_writable( dirname($log_file) ) ) {
+			$fp = fopen($log_file, 'a');
+
 			if ($fp) {
 				$session =& $this->Application->recallObject('Session');
 				$user_id = $session->GetField('PortalUserId');
Index: core/units/helpers/cat_dbitem_export_helper.php
===================================================================
--- core/units/helpers/cat_dbitem_export_helper.php	(revision 14318)
+++ core/units/helpers/cat_dbitem_export_helper.php	(working copy)
@@ -915,7 +915,7 @@
 		{
 			static $first_time = true;
 
-			$fp = fopen(FULL_PATH.'/sqls.log', $first_time ? 'w' : 'a');
+			$fp = fopen((defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . '/sqls.log', $first_time ? 'w' : 'a');
 			fwrite($fp, $msg."\n");
 			fclose($fp);
 
Index: core/units/helpers/curl_helper.php
===================================================================
--- core/units/helpers/curl_helper.php	(revision 14325)
+++ core/units/helpers/curl_helper.php	(working copy)
@@ -228,7 +228,7 @@
 
 			if ($this->debugMode) {
 				safeDefine('DBG_CURL_LOGFILE', '/curl.log');
-				$this->logFilePointer = fopen(FULL_PATH.DBG_CURL_LOGFILE, 'a');
+				$this->logFilePointer = fopen((defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . DBG_CURL_LOGFILE, 'a');
 
 				$user_id = $this->Application->RecallVar('user_id');
 				$data = $_SERVER['REMOTE_ADDR'] . ' - ['.adodb_date('D M d H:i:s Y').'] ' . $_SERVER['REQUEST_URI'] . '; user_id: '.$user_id.'; sid: '.$this->Application->GetSID();
Index: system/.htaccess
===================================================================
--- system/.htaccess	(revision 14318)
+++ system/.htaccess	(working copy)
@@ -1,4 +1,6 @@
 <Files ~ "\.(php|php3|php.*|shtml|phtml|sql)$">
   order allow,deny
   deny from all
-</Files>
\ No newline at end of file
+</Files>
+
+RedirectMatch 404 /\.restricted(/|$)
\ No newline at end of file

restricted_folder_modules.patch [^] (5,998 bytes) 2011-05-23 05:15 [Show Content]

Index: in-auction/units/sections/ebay_eh.php
===================================================================
--- in-auction/units/sections/ebay_eh.php	(revision 14318)
+++ in-auction/units/sections/ebay_eh.php	(working copy)
@@ -1141,11 +1141,9 @@
 
 			return true;
 
-//			$f = fopen(WRITEABLE . '/user_files/attrib_small.txt', 'w+');
-//			fwrite($f, $Answer->AttributeData);
-//			fclose($f);
-
-
+			/*$f = fopen((defined('RESTRICTED') ? RESTRICTED : WRITEABLE . '/user_files') . '/attrib_small.txt', 'w+');
+			fwrite($f, $Answer->AttributeData);
+			fclose($f);*/
 		}
 
 		function &CutXmlTag(&$data, $tag)
Index: in-commerce/gw_notify.php
===================================================================
--- in-commerce/gw_notify.php	(revision 14318)
+++ in-commerce/gw_notify.php	(working copy)
@@ -12,32 +12,32 @@
 */
 	define('GW_NOTIFY', 1);
 	define('REL_PATH', 'modules/in-commerce');
-	define('FULL_PATH', realpath(dirname(__FILE__) . '/../..'));	
+	define('FULL_PATH', realpath(dirname(__FILE__) . '/../..'));
 	include_once(FULL_PATH . '/core/kernel/startup.php');
-	
+
 	$application =& kApplication::Instance();
 	$application->Init();
 
-	/*
+
 	// for debugging payment gateway notifications, don't remove
-	$fh = fopen(WRITEABLE . '/gw.log', 'a');
+	/*$fh = fopen((defined('RESTRICTED') ? RESTRICTED : WRITEABLE) . '/gw.log', 'a');
 	fwrite ($fh, "\n\n".date('d/m/y h:i:s').":\n");
 	foreach ($_REQUEST as $key => $val) {
 		fwrite($fh, "<input type=\"text\" name=\"$key\" value=\"$val\">\n");
 	}
-	fclose($fh);
-	*/
-	
+	fclose($fh);*/
+
+
 	$db =& $application->GetADODBConnection();
 
 	$application->setUnitOption('ord','AutoLoad',false);
 	$order =& $application->recallObject('ord');
-	
+
 	$order_id = $application->GetVar('order_id');
 	if ($order_id) {
 		$order->Load($order_id);
 	}
-		
+
 	$gw_data = $order->getGatewayData($application->GetVar('payment_type_id'));
 	$application->registerClass( $gw_data['ClassName'], GW_CLASS_PATH.'/'.$gw_data['ClassFile'] );
 	$gateway_object =& $application->recallObject( $gw_data['ClassName'] );
Index: in-commerce/units/gateways/gw_classes/google_checkout.php
===================================================================
--- in-commerce/units/gateways/gw_classes/google_checkout.php	(revision 14318)
+++ in-commerce/units/gateways/gw_classes/google_checkout.php	(working copy)
@@ -178,10 +178,8 @@
 	    {
 	    	$xml_data = $GLOBALS['HTTP_RAW_POST_DATA'];
 
-	    	if ($this->Application->isDebugMode()) {
-		    	$fp = fopen(FULL_PATH.'/xml_request.html', 'a');
-				fwrite($fp, '--- '.adodb_date('Y-m-d H:i:s').' ---'."\n".$xml_data);
-				fclose($fp);
+	    	if ( $this->Application->isDebugMode() ) {
+	    		$this->toLog($xml_data, 'xml_request.html');
 	    	}
 
 	    	return $xml_data;
@@ -235,16 +233,27 @@
 
 			echo $xml_responce;
 
-			if ($this->Application->isDebugMode()) {
-	    		$fp = fopen(FULL_PATH.'/xml_responce.html', 'a');
-				fwrite($fp, '--- '.adodb_date('Y-m-d H:i:s').' ---'."\n".$xml_responce."\n");
-				fclose($fp);
+			if ( $this->Application->isDebugMode() ) {
+				$this->toLog($xml_responce, 'xml_responce.html');
 			}
 
     		return $order_approvable ? 1 : 0;
 		}
 
 		/**
+	     * Writes XML requests and responces to a file
+	     *
+	     * @param string $xml_data
+	     * @param string $xml_file
+	     */
+	    function toLog($xml_data, $xml_file)
+	    {
+	    	$fp = fopen( (defined('RESTRICTED') ? RESTRICTED : FULL_PATH) . '/' . $xml_file, 'a' );
+			fwrite($fp, '--- ' . adodb_date('Y-m-d H:i:s') . ' ---' . "\n" . $xml_data);
+			fclose($fp);
+	    }
+
+		/**
 		 * Processes notification
 		 *
 		 * @param kXMLNode $root_node
Index: in-commerce/units/shipping_quote_engines/usps.php
===================================================================
--- in-commerce/units/shipping_quote_engines/usps.php	(revision 14318)
+++ in-commerce/units/shipping_quote_engines/usps.php	(working copy)
@@ -44,8 +44,6 @@
 define('MODULE_SHIPPING_USPS_INSURE', 'True');// 'Insure packages shipped by USPS?
 define('MODULE_SHIPPING_USPS_INSURE_TAX', 'True');// 'Insure tax on packages shipped by USPS?
 
-define('USPS_LOG_FILE', WRITEABLE .'/user_files/usps.log');
-
 class USPS extends ShippingQuoteEngine
 {
 	var $countries, $pounds, $ounces, $insurance_cost = 0, $shipping_origin_country, $store_first_name, $store_last_name, $company_name, $store_name, $store_address1, $store_address2, $store_city, $store_state, $store_zip5, $store_zip4, $store_phone, $usps_userid;
@@ -53,10 +51,19 @@
 	var $types = Array();
 	var $intl_types = Array();
 
+	/**
+	 * Path to a request log file
+	 *
+	 * @var string
+	 */
+	var $logFilePath = '';
+
 	function USPS()
 	{
 		parent::kBase();
 
+		$this->logFilePath = (defined('RESTRICTED') ? RESTRICTED : WRITEABLE . '/user_files') . '/usps.log';
+
         // EXPRESS, FIRST CLASS, PRIORITY, PARCEL, BMP, MEDIA
 		$this->types = Array(
 			'EXPRESS' => 'Express Mail',
@@ -1141,20 +1148,22 @@
 		$body = curl_exec($curl);
 		curl_close($curl);
 
-		if (defined('USPS_LOG_FILE')) {
-			$filename = USPS_LOG_FILE;
-	      	if ( !$fp = fopen($filename, "a") ) echo("Failed opening file $filename");
+		if ($this->logFilePath) {
+			$fp = fopen($this->logFilePath, 'a');
+
+			if ($fp) {
+				$request_url = sprintf("Date %s : IP %s\n\nPost\n\n%s\n\nReplay\n\n%s\n\n",
+			   		adodb_date('m/d/Y H:i:s'),
+			   		$_SERVER['REMOTE_ADDR'],
+			   		$usps_server . '/' . $api_dll . '?' . urldecode($request),
+			   		$body
+			   	);
+
+			   	fwrite($fp, $request_url);
+			   	fclose($fp);
+			}
 		}
-	   	$request_url = sprintf("Date %s : IP %s\n\nPost\n\n%s\n\nReplay\n\n%s\n\n",
-	   		date("m/d/Y H:i:s",time()),
-	   		$_SERVER['REMOTE_ADDR'],
-	   		$usps_server.'/'.$api_dll.'?'.urldecode($request),
-	   		$body
-	   	);
-		if (defined('USPS_LOG_FILE')) {
-	        if (!fwrite($fp, $request_url)) echo("Failed writing to file $filename");
-	        fclose($fp);
-		}
+
 		return $body;
 	}

Relationships [ Relation Graph ] [ Dependency Graph ]

parent of

0001079

closed (5.1.3)

!COMMUNITY

Script "clear_cache.sh" is not Deleting Debug files

Notes
(0003496) alex (manager) 2011-05-23 05:16	Done. Please create "/system/.restricted" folder and make it writable before testing. This folder will commited and it's write permissions are already checked during installation/upgrade.

(0003501) Dmitry (manager) 2011-05-23 17:45	Tested okay, please commit.

(0003515) alex (manager) 2011-06-01 02:50	Fix committed to 5.1.x branch. Commit Message: Fixes 0000947: Create new folder with restricted access from Web

(0003839) alex (manager) 2011-09-19 16:08	Closing, since 5.1.3 release has been released.

Related Changesets
In-Portal CMS: 5.1.x r14365 Timestamp: 2011-06-14 08:56:45 Author: alex [ Details ] [ Diff ]	Bug 0000947: Create new folder with restricted access from Web 1. Forgot to commit changes to curl_helper.php file
	mod - /in-portal/branches/5.1.x/core/units/helpers/curl_helper.php	[ Diff ] [ File ]

In-Portal CMS: 5.1.x r14360 Timestamp: 2011-06-01 02:50:46 Author: alex [ Details ] [ Diff ]	Fixes 0000947: Create new folder with restricted access from Web
	mod - /in-portal/branches/5.1.x/core/install.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/kernel/application.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/kernel/session/session.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/kernel/startup.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/kernel/utility/debugger.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/kernel/utility/http_query.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/core/units/helpers/cat_dbitem_export_helper.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.1.x/system/.htaccess	[ Diff ] [ File ]
	add - /in-portal/branches/5.1.x/system/.restricted	[ File ]

Modules :: In-Commerce: 5.1.x r14359 Timestamp: 2011-06-01 02:45:49 Author: alex [ Details ] [ Diff ]	Bug 0000947: Create new folder with restricted access from Web
	mod - /w/in-commerce/branches/5.1.x/gw_notify.php	[ Diff ] [ File ]
	mod - /w/in-commerce/branches/5.1.x/units/gateways/gw_classes/google_checkout.php	[ Diff ] [ File ]
	mod - /w/in-commerce/branches/5.1.x/units/shipping_quote_engines/usps.php	[ Diff ] [ File ]

Issue History
Date Modified	Username	Field	Change
2011-09-19 16:08	alex	Note Added: 0003839
2011-09-19 16:08	alex	Status	resolved => closed
2011-07-07 13:49	Dmitry	Relationship added	parent of 0001079
2011-06-14 08:56	alex	Changeset attached	5.1.x r14365
2011-06-01 02:50	alex	Note Added: 0003515
2011-06-01 02:50	alex	Status	reviewed and tested => resolved
2011-06-01 02:50	alex	Fixed in Version	=> 5.1.3-B1
2011-06-01 02:50	alex	Resolution	open => fixed
2011-06-01 02:50	alex	Changeset attached	5.1.x r14360
2011-06-01 02:45	alex	Changeset attached	5.1.x r14359
2011-06-01 02:44	alex	Changeset attached	5.1.x r14358
2011-05-23 17:45	Dmitry	Note Added: 0003501
2011-05-23 17:45	Dmitry	Assigned To	!COMMUNITY => alex
2011-05-23 17:45	Dmitry	Status	needs testing => reviewed and tested
2011-05-23 05:16	alex	Time Estimate Removed	2 =>
2011-05-23 05:16	alex	Note Added: 0003496
2011-05-23 05:16	alex	Assigned To	alex => !COMMUNITY
2011-05-23 05:16	alex	Developer	=> alex
2011-05-23 05:16	alex	Status	needs work => needs testing
2011-05-23 05:15	alex	File Added: restricted_folder_modules.patch
2011-05-23 05:15	alex	File Added: restricted_folder_core.patch
2011-05-19 16:18	Dmitry	Description Updated	View Revisions
2011-05-18 13:16	Dmitry	Time Estimate Added	2
2011-05-18 13:16	Dmitry	Assigned To	Dmitry => alex
2011-05-18 13:16	Dmitry	Additional Information Updated	View Revisions
2011-04-04 11:59	Dmitry	Fixed in Version	5.1.3 =>
2011-04-04 11:59	Dmitry	Target Version	Icebox => 5.1.3
2011-04-04 11:59	Dmitry	Assigned To	=> Dmitry
2011-04-04 11:59	Dmitry	Status	active => needs work
2011-04-04 11:59	Dmitry	Fixed in Version	=> 5.1.3
2010-12-13 10:09	Dmitry	New Issue
2010-12-13 10:09	Dmitry	Reference	=> https://groups.google.com/d/topic/in-portal-dev/pi4bweIypGs/discussion
2010-12-13 10:09	Dmitry	Change Log Message	=> Created new restricted folder for logs

Web Development by Intechnic

In-Portal Open Source CMS