MAGETWO-36791: Fixed too broad permissions on files

Joan He · Joan He · commit c7ce5b307814 · 2015-08-25T16:59:56.000-05:00
diff --git a/app/code/Magento/Backup/Model/Fs/Collection.php b/app/code/Magento/Backup/Model/Fs/Collection.php
@@ -91,7 +91,7 @@ protected function _hideBackupsForApache()
         $filename = '.htaccess';
         if (!$this->_varDirectory->isFile($filename)) {
             $this->_varDirectory->writeFile($filename, 'deny from all');
-            $this->_varDirectory->changePermissions($filename, 0644);
+            $this->_varDirectory->changePermissions($filename, 0640);
         }
     }
 
diff --git a/app/code/Magento/Captcha/Helper/Data.php b/app/code/Magento/Captcha/Helper/Data.php
@@ -149,7 +149,7 @@ public function getImgDir($website = null)
         $mediaDir = $this->_filesystem->getDirectoryWrite(DirectoryList::MEDIA);
         $captchaDir = '/captcha/' . $this->_getWebsiteCode($website);
         $mediaDir->create($captchaDir);
-        $mediaDir->changePermissions($captchaDir, 0775);
+        $mediaDir->changePermissions($captchaDir, Filesystem\DriverInterface::WRITEABLE_DIRECTORY_MODE);
 
         return $mediaDir->getAbsolutePath($captchaDir) . '/';
     }
diff --git a/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php b/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php
@@ -13,6 +13,7 @@
 
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * @SuppressWarnings(PHPMD.ExcessiveClassComplexity)
@@ -396,7 +397,7 @@ public function addImage(
                 $this->_mediaDirectory->copyFile($file, $destinationFile);
 
                 $storageHelper->saveFile($this->_mediaConfig->getTmpMediaShortUrl($fileName));
-                $this->_mediaDirectory->changePermissions($destinationFile, 0777);
+                $this->_mediaDirectory->changePermissions($destinationFile, DriverInterface::WRITEABLE_DIRECTORY_MODE);
             }
         } catch (\Exception $e) {
             throw new LocalizedException(__('We couldn\'t move this file: %1.', $e->getMessage()));
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/WriteTest.php b/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/WriteTest.php
@@ -228,7 +228,7 @@ public function testChangePermissions()
     {
         $directory = $this->getDirectoryInstance('newDir1', 0777);
         $directory->create('test_directory');
-        $this->assertTrue($directory->changePermissions('test_directory', 0644));
+        $this->assertTrue($directory->changePermissions('test_directory', 0640));
     }
 
     /**
diff --git a/dev/tests/performance/framework/Magento/TestFramework/Application.php b/dev/tests/performance/framework/Magento/TestFramework/Application.php
@@ -10,6 +10,7 @@
 namespace Magento\TestFramework;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Filesystem\DriverInterface;
 
 class Application
 {
@@ -184,7 +185,7 @@ protected function _updateFilesystemPermissions()
         )->getDirectoryWrite(
             DirectoryList::VAR_DIR
         );
-        $varDirectory->changePermissions('', 0777);
+        $varDirectory->changePermissions('', DriverInterface::WRITEABLE_DIRECTORY_MODE);
     }
 
     /**
diff --git a/dev/tools/Magento/Tools/Migration/Acl/Db/Logger/File.php b/dev/tools/Magento/Tools/Migration/Acl/Db/Logger/File.php
@@ -6,6 +6,7 @@
 namespace Magento\Tools\Migration\Acl\Db\Logger;
 
 use InvalidArgumentException;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * Db migration logger. Output result put to file
@@ -27,7 +28,7 @@ public function __construct($file)
     {
         $logDir = realpath(__DIR__ . '/../../') . '/log/';
         if (false == is_dir($logDir)) {
-            mkdir($logDir, 0777, true);
+            mkdir($logDir, DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
         if (false == is_writeable($logDir)) {
             throw new InvalidArgumentException('Directory ' . dirname($logDir) . ' is not writeable');
diff --git a/dev/tools/Magento/Tools/Migration/Acl/FileManager.php b/dev/tools/Magento/Tools/Migration/Acl/FileManager.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tools\Migration\Acl;
 
+use Magento\Framework\Filesystem\DriverInterface;
+
 class FileManager
 {
     /**
@@ -15,7 +17,7 @@ class FileManager
     public function write($fileName, $contents)
     {
         if (false == is_dir(dirname($fileName))) {
-            mkdir(dirname($fileName), 0777, true);
+            mkdir(dirname($fileName), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
         file_put_contents($fileName, $contents);
     }
diff --git a/dev/tools/Magento/Tools/Migration/System/Writer/FileSystem.php b/dev/tools/Magento/Tools/Migration/System/Writer/FileSystem.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Tools\Migration\System\Writer;
 
+use Magento\Framework\Filesystem\DriverInterface;
+
 class FileSystem implements \Magento\Tools\Migration\System\WriterInterface
 {
     /**
@@ -15,7 +17,7 @@ class FileSystem implements \Magento\Tools\Migration\System\WriterInterface
     public function write($fileName, $contents)
     {
         if (false == is_dir(dirname($fileName))) {
-            mkdir(dirname($fileName), 0777, true);
+            mkdir(dirname($fileName), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
         file_put_contents($fileName, $contents);
     }
diff --git a/lib/internal/Magento/Framework/Archive/Helper/File.php b/lib/internal/Magento/Framework/Archive/Helper/File.php
@@ -90,7 +90,7 @@ public function __destruct()
      * @throws LocalizedException
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      */
-    public function open($mode = 'w+', $chmod = 0666)
+    public function open($mode = 'w+', $chmod = 0660)
     {
         $this->_isInWriteMode = $this->_isWritableMode($mode);
 
diff --git a/lib/internal/Magento/Framework/Filesystem/Io/IoInterface.php b/lib/internal/Magento/Framework/Filesystem/Io/IoInterface.php
@@ -4,6 +4,7 @@
  * See COPYING.txt for license details.
  */
 namespace Magento\Framework\Filesystem\Io;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * Input/output client interface
@@ -33,7 +34,7 @@ public function close();
      * @param bool $recursive
      * @return bool
      */
-    public function mkdir($dir, $mode = 0777, $recursive = true);
+    public function mkdir($dir, $mode = DriverInterface::WRITEABLE_DIRECTORY_MODE, $recursive = true);
 
     /**
      * Delete a directory
diff --git a/lib/internal/Magento/Framework/Filesystem/Io/Sftp.php b/lib/internal/Magento/Framework/Filesystem/Io/Sftp.php
@@ -7,6 +7,7 @@
 // @codingStandardsIgnoreFile
 
 namespace Magento\Framework\Filesystem\Io;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * Sftp client interface
@@ -76,7 +77,7 @@ public function close()
      * @return bool
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
-    public function mkdir($dir, $mode = 0777, $recursive = true)
+    public function mkdir($dir, $mode = DriverInterface::WRITEABLE_DIRECTORY_MODE, $recursive = true)
     {
         if ($recursive) {
             $no_errors = true;
diff --git a/lib/internal/Magento/Framework/Logger/Handler/Base.php b/lib/internal/Magento/Framework/Logger/Handler/Base.php
@@ -54,7 +54,7 @@ public function write(array $record)
     {
         $logDir = $this->filesystem->getParentDirectory($this->url);
         if (!$this->filesystem->isDirectory($logDir)) {
-            $this->filesystem->createDirectory($logDir, 0777);
+            $this->filesystem->createDirectory($logDir, DriverInterface::WRITEABLE_DIRECTORY_MODE);
         }
 
         parent::write($record);
diff --git a/lib/internal/Magento/Framework/Setup/BackupRollback.php b/lib/internal/Magento/Framework/Setup/BackupRollback.php
@@ -13,6 +13,7 @@
 use Magento\Framework\Backup\Filesystem\Helper;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Filesystem\Driver\File;
+use Magento\Framework\Filesystem\DriverInterface;
 use Magento\Framework\ObjectManagerInterface;
 use Magento\Framework\Phrase;
 
@@ -102,7 +103,7 @@ public function codeBackup($time, $type = Factory::TYPE_FILESYSTEM)
         }
         $backupsDir = $this->directoryList->getPath(DirectoryList::VAR_DIR) . '/' . self::DEFAULT_BACKUP_DIRECTORY;
         if (!$this->file->isExists($backupsDir)) {
-            $this->file->createDirectory($backupsDir, 0777);
+            $this->file->createDirectory($backupsDir, DriverInterface::WRITEABLE_DIRECTORY_MODE);
         }
         $fsBackup->setBackupsDir($backupsDir);
         $fsBackup->setBackupExtension('tgz');
@@ -186,7 +187,7 @@ public function dbBackup($time)
         $dbBackup->setRootDir($this->directoryList->getRoot());
         $backupsDir = $this->directoryList->getPath(DirectoryList::VAR_DIR) . '/' . self::DEFAULT_BACKUP_DIRECTORY;
         if (!$this->file->isExists($backupsDir)) {
-            $this->file->createDirectory($backupsDir, 0777);
+            $this->file->createDirectory($backupsDir, DriverInterface::WRITEABLE_DIRECTORY_MODE);
         }
         $dbBackup->setBackupsDir($backupsDir);
         $dbBackup->setBackupExtension('gz');
diff --git a/lib/internal/Magento/Framework/System/Dirs.php b/lib/internal/Magento/Framework/System/Dirs.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Framework\System;
 
+use Magento\Framework\Filesystem\DriverInterface;
+
 class Dirs
 {
     /**
@@ -73,7 +75,7 @@ public static function rm($dirname)
      * @return true
      * @throws \Exception
      */
-    public static function mkdirStrict($path, $recursive = true, $mode = 0777)
+    public static function mkdirStrict($path, $recursive = true, $mode = DriverInterface::WRITEABLE_DIRECTORY_MODE)
     {
         $exists = file_exists($path);
         if ($exists && is_dir($path)) {
diff --git a/lib/internal/Magento/Framework/System/Ftp.php b/lib/internal/Magento/Framework/System/Ftp.php
@@ -5,6 +5,7 @@
  */
 
 namespace Magento\Framework\System;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * Class to work with remote FTP server
@@ -50,7 +51,7 @@ public function mdkir($name)
      * @param int $mode
      * @return bool
      */
-    public function mkdirRecursive($path, $mode = 0777)
+    public function mkdirRecursive($path, $mode = DriverInterface::WRITEABLE_DIRECTORY_MODE)
     {
         $this->checkConnected();
         $dir = explode("/", $path);
@@ -217,7 +218,7 @@ public function raw($cmd)
      * @return bool
      * @throws \Exception
      */
-    public function upload($remote, $local, $dirMode = 0777, $ftpMode = FTP_BINARY)
+    public function upload($remote, $local, $dirMode = DriverInterface::WRITEABLE_DIRECTORY_MODE, $ftpMode = FTP_BINARY)
     {
         $this->checkConnected();
 
diff --git a/pub/errors/processor.php b/pub/errors/processor.php
@@ -4,6 +4,7 @@
  * See COPYING.txt for license details.
  */
 namespace Magento\Framework\Error;
+use Magento\Framework\Filesystem\DriverInterface;
 
 /**
  * Error processor
@@ -453,11 +454,11 @@ public function saveReport($reportData)
         $this->_setReportData($reportData);
 
         if (!file_exists($this->_reportDir)) {
-            @mkdir($this->_reportDir, 0777, true);
+            @mkdir($this->_reportDir, DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
 
         @file_put_contents($this->_reportFile, serialize($reportData));
-        @chmod($this->_reportFile, 0777);
+        @chmod($this->_reportFile, DriverInterface::WRITEABLE_DIRECTORY_MODE);
 
         if (isset($reportData['skin']) && self::DEFAULT_SKIN != $reportData['skin']) {
             $this->_setSkin($reportData['skin']);
diff --git a/setup/src/Magento/Setup/Console/Command/DiCompileMultiTenantCommand.php b/setup/src/Magento/Setup/Console/Command/DiCompileMultiTenantCommand.php
@@ -5,6 +5,7 @@
  */
 namespace Magento\Setup\Console\Command;
 
+use Magento\Framework\Filesystem\DriverInterface;
 use Magento\Setup\Model\ObjectManagerProvider;
 use Magento\Framework\App\ObjectManager;
 use Symfony\Component\Console\Input\InputInterface;
@@ -351,7 +352,7 @@ private function compileCode($generationDir, $fileExcludePatterns, $input)
         $relations = $directoryInstancesNamesList->getRelations();
         // 2.2 Compression
         if (!file_exists(dirname($relationsFile))) {
-            mkdir(dirname($relationsFile), 0777, true);
+            mkdir(dirname($relationsFile), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
         $relations = array_filter($relations);
         file_put_contents($relationsFile, $serializer->serialize($relations));
@@ -368,7 +369,7 @@ private function compileCode($generationDir, $fileExcludePatterns, $input)
         }
         $outputContent = $serializer->serialize($pluginDefinitions);
         if (!file_exists(dirname($pluginDefFile))) {
-            mkdir(dirname($pluginDefFile), 0777, true);
+            mkdir(dirname($pluginDefFile), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);
         }
         file_put_contents($pluginDefFile, $outputContent);
     }
diff --git a/setup/src/Magento/Setup/Module/I18n/Pack/Writer/File/AbstractFile.php b/setup/src/Magento/Setup/Module/I18n/Pack/Writer/File/AbstractFile.php
@@ -143,7 +143,7 @@ abstract protected function _getFileExtension();
      * @param bool $recursive Allows the creation of nested directories specified in the $destinationPath
      * @return void
      */
-    protected function _createDirectoryIfNotExist($destinationPath, $mode = 0755, $recursive = true)
+    protected function _createDirectoryIfNotExist($destinationPath, $mode = 0750, $recursive = true)
     {
         if (!is_dir($destinationPath)) {
             mkdir($destinationPath, $mode, $recursive);

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ protected function _hideBackupsForApache()`
`91`	`91`	`$filename = '.htaccess';`
`92`	`92`	`if (!$this->_varDirectory->isFile($filename)) {`
`93`	`93`	`$this->_varDirectory->writeFile($filename, 'deny from all');`
`94`		`- $this->_varDirectory->changePermissions($filename, 0644);`
	`94`	`+ $this->_varDirectory->changePermissions($filename, 0640);`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ public function getImgDir($website = null)`
`149`	`149`	`$mediaDir = $this->_filesystem->getDirectoryWrite(DirectoryList::MEDIA);`
`150`	`150`	`$captchaDir = '/captcha/' . $this->_getWebsiteCode($website);`
`151`	`151`	`$mediaDir->create($captchaDir);`
`152`		`- $mediaDir->changePermissions($captchaDir, 0775);`
	`152`	`+ $mediaDir->changePermissions($captchaDir, Filesystem\DriverInterface::WRITEABLE_DIRECTORY_MODE);`
`153`	`153`
`154`	`154`	`return $mediaDir->getAbsolutePath($captchaDir) . '/';`
`155`	`155`	`}`
Original file line number	Diff line number	Diff line change
`@@ -228,7 +228,7 @@ public function testChangePermissions()`
`228`	`228`	`{`
`229`	`229`	`$directory = $this->getDirectoryInstance('newDir1', 0777);`
`230`	`230`	`$directory->create('test_directory');`
`231`		`- $this->assertTrue($directory->changePermissions('test_directory', 0644));`
	`231`	`+ $this->assertTrue($directory->changePermissions('test_directory', 0640));`
`232`	`232`	`}`
`233`	`233`
`234`	`234`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@`
`10`	`10`	`namespace Magento\TestFramework;`
`11`	`11`
`12`	`12`	`use Magento\Framework\App\Filesystem\DirectoryList;`
	`13`	`+use Magento\Framework\Filesystem\DriverInterface;`
`13`	`14`
`14`	`15`	`class Application`
`15`	`16`	`{`
`@@ -184,7 +185,7 @@ protected function _updateFilesystemPermissions()`
`184`	`185`	`)->getDirectoryWrite(`
`185`	`186`	`DirectoryList::VAR_DIR`
`186`	`187`	`);`
`187`		`- $varDirectory->changePermissions('', 0777);`
	`188`	`+ $varDirectory->changePermissions('', DriverInterface::WRITEABLE_DIRECTORY_MODE);`
`188`	`189`	`}`
`189`	`190`
`190`	`191`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`namespace Magento\Tools\Migration\Acl\Db\Logger;`
`7`	`7`
`8`	`8`	`use InvalidArgumentException;`
	`9`	`+use Magento\Framework\Filesystem\DriverInterface;`
`9`	`10`
`10`	`11`	`/**`
`11`	`12`	`* Db migration logger. Output result put to file`
`@@ -27,7 +28,7 @@ public function __construct($file)`
`27`	`28`	`{`
`28`	`29`	`$logDir = realpath(__DIR__ . '/../../') . '/log/';`
`29`	`30`	`if (false == is_dir($logDir)) {`
`30`		`- mkdir($logDir, 0777, true);`
	`31`	`+ mkdir($logDir, DriverInterface::WRITEABLE_DIRECTORY_MODE, true);`
`31`	`32`	`}`
`32`	`33`	`if (false == is_writeable($logDir)) {`
`33`	`34`	`throw new InvalidArgumentException('Directory ' . dirname($logDir) . ' is not writeable');`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@`
`5`	`5`	`*/`
`6`	`6`	`namespace Magento\Tools\Migration\Acl;`
`7`	`7`
	`8`	`+use Magento\Framework\Filesystem\DriverInterface;`
	`9`	`+`
`8`	`10`	`class FileManager`
`9`	`11`	`{`
`10`	`12`	`/**`
`@@ -15,7 +17,7 @@ class FileManager`
`15`	`17`	`public function write($fileName, $contents)`
`16`	`18`	`{`
`17`	`19`	`if (false == is_dir(dirname($fileName))) {`
`18`		`- mkdir(dirname($fileName), 0777, true);`
	`20`	`+ mkdir(dirname($fileName), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);`
`19`	`21`	`}`
`20`	`22`	`file_put_contents($fileName, $contents);`
`21`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@`
`5`	`5`	`*/`
`6`	`6`	`namespace Magento\Tools\Migration\System\Writer;`
`7`	`7`
	`8`	`+use Magento\Framework\Filesystem\DriverInterface;`
	`9`	`+`
`8`	`10`	`class FileSystem implements \Magento\Tools\Migration\System\WriterInterface`
`9`	`11`	`{`
`10`	`12`	`/**`
`@@ -15,7 +17,7 @@ class FileSystem implements \Magento\Tools\Migration\System\WriterInterface`
`15`	`17`	`public function write($fileName, $contents)`
`16`	`18`	`{`
`17`	`19`	`if (false == is_dir(dirname($fileName))) {`
`18`		`- mkdir(dirname($fileName), 0777, true);`
	`20`	`+ mkdir(dirname($fileName), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);`
`19`	`21`	`}`
`20`	`22`	`file_put_contents($fileName, $contents);`
`21`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ public function __destruct()`
`90`	`90`	`* @throws LocalizedException`
`91`	`91`	`* @SuppressWarnings(PHPMD.CyclomaticComplexity)`
`92`	`92`	`*/`
`93`		`- public function open($mode = 'w+', $chmod = 0666)`
	`93`	`+ public function open($mode = 'w+', $chmod = 0660)`
`94`	`94`	`{`
`95`	`95`	`$this->_isInWriteMode = $this->_isWritableMode($mode);`
`96`	`96`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function write(array $record)`
`54`	`54`	`{`
`55`	`55`	`$logDir = $this->filesystem->getParentDirectory($this->url);`
`56`	`56`	`if (!$this->filesystem->isDirectory($logDir)) {`
`57`		`- $this->filesystem->createDirectory($logDir, 0777);`
	`57`	`+ $this->filesystem->createDirectory($logDir, DriverInterface::WRITEABLE_DIRECTORY_MODE);`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`parent::write($record);`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`*/`
`6`	`6`	`namespace Magento\Setup\Console\Command;`
`7`	`7`
	`8`	`+use Magento\Framework\Filesystem\DriverInterface;`
`8`	`9`	`use Magento\Setup\Model\ObjectManagerProvider;`
`9`	`10`	`use Magento\Framework\App\ObjectManager;`
`10`	`11`	`use Symfony\Component\Console\Input\InputInterface;`
`@@ -351,7 +352,7 @@ private function compileCode($generationDir, $fileExcludePatterns, $input)`
`351`	`352`	`$relations = $directoryInstancesNamesList->getRelations();`
`352`	`353`	`// 2.2 Compression`
`353`	`354`	`if (!file_exists(dirname($relationsFile))) {`
`354`		`- mkdir(dirname($relationsFile), 0777, true);`
	`355`	`+ mkdir(dirname($relationsFile), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);`
`355`	`356`	`}`
`356`	`357`	`$relations = array_filter($relations);`
`357`	`358`	`file_put_contents($relationsFile, $serializer->serialize($relations));`
`@@ -368,7 +369,7 @@ private function compileCode($generationDir, $fileExcludePatterns, $input)`
`368`	`369`	`}`
`369`	`370`	`$outputContent = $serializer->serialize($pluginDefinitions);`
`370`	`371`	`if (!file_exists(dirname($pluginDefFile))) {`
`371`		`- mkdir(dirname($pluginDefFile), 0777, true);`
	`372`	`+ mkdir(dirname($pluginDefFile), DriverInterface::WRITEABLE_DIRECTORY_MODE, true);`
`372`	`373`	`}`
`373`	`374`	`file_put_contents($pluginDefFile, $outputContent);`
`374`	`375`	`}`