| author | 2024-11-18 09:57:50 +0000 | |
|---|---|---|
| committer | 2024-11-18 10:57:50 +0100 | |
| commit | 966f211202bc2ed6bf56b64e1ea3c4804e93c404 (patch) | |
| tree | b87af10a5975e213031fdab3068b8584486c89d9 /app/Controllers/userController.php | |
| parent | 5b9248f45f0ce93f9ffe2252f5fb955032ecd529 (diff) | |
Avoid race condition in users' homedir creation (#7000)
Diffstat (limited to 'app/Controllers/userController.php')
| -rw-r--r-- | app/Controllers/userController.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 475dcd4db..35d5a84c8 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -229,6 +229,10 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 $ok = self::checkUsername($new_user_name);
 $homeDir = join_path(DATA_PATH, 'users', $new_user_name);
+ // create basepath if missing
+ if (!is_dir(join_path(DATA_PATH, 'users'))) {
+ $ok &= mkdir(join_path(DATA_PATH, 'users'), 0770, true);
+ }
 $configPath = '';
 if ($ok) {
@@ -243,10 +247,12 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 $ok &= !file_exists($configPath);
 }
 if ($ok) {
- if (!is_dir($homeDir)) {
- mkdir($homeDir, 0770, true);
+ // $homeDir must not exist beforehand,
+ // otherwise it might be multiple remote parties racing to register one username
+ $ok = mkdir($homeDir, 0770, true);
+ if ($ok) {
+ $ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
 }
- $ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
 }
 if ($ok) {
 $newUserDAO = FreshRSS_Factory::createUserDao($new_user_name); |
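Review bot: The added base-path block uses the same check-then-create pattern that this commit removes for `$homeDir`: on a fresh data directory two concurrent registrations can both pass `is_dir()`, and the request whose `mkdir()` loses gets `false` folded into `$ok` and is rejected although the directory now exists. Re-checking after a failed create avoids that spurious failure, e.g. `$usersDir = join_path(DATA_PATH, 'users');` followed by `if (!is_dir($usersDir) && !mkdir($usersDir, 0770, true) && !is_dir($usersDir)) { $ok = false; }`. The block also runs before the result of `checkUsername()` is consulted, which looks harmless here because the path does not contain the user name. The enclosing method starts and ends outside the hunk.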
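Review bot: Once `mkdir($homeDir, 0770, true)` has succeeded, a failed `file_put_contents()` leaves the home directory behind, and because registration now requires that the directory not exist, that user name stays blocked until someone cleans up by hand. Inside the inner `if ($ok)` block, where this request owns the directory, the failure path should undo the claim, e.g. `if (!$ok) { if (is_file($configPath)) { unlink($configPath); } rmdir($homeDir); }`; it must not run when `mkdir()` itself failed, since the directory then belongs to another registration. The same probably applies to the later steps that begin at `createUserDao()`, which continue outside the hunk. `mkdir()` also emits an E_WARNING for the request that loses the race, so that expected case may be worth logging explicitly as a rejected duplicate registration.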
