2011-07-20 07:48:38 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Local disk storage engine. Keeps files on local disk. This engine is easy
|
|
|
|
* to set up, but it doesn't work if you have multiple web frontends!
|
|
|
|
*
|
|
|
|
* @task impl Implementation
|
|
|
|
* @task internal Internals
|
|
|
|
* @group filestorage
|
|
|
|
*/
|
|
|
|
final class PhabricatorLocalDiskFileStorageEngine
|
|
|
|
extends PhabricatorFileStorageEngine {
|
|
|
|
|
|
|
|
|
|
|
|
/* -( Implementation )----------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This engine identifies as "local-disk".
|
|
|
|
* @task impl
|
|
|
|
*/
|
|
|
|
public function getEngineIdentifier() {
|
|
|
|
return 'local-disk';
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Write the file data to local disk. Returns the relative path as the
|
|
|
|
* file data handle.
|
|
|
|
* @task impl
|
|
|
|
*/
|
|
|
|
public function writeFile($data, array $params) {
|
|
|
|
|
|
|
|
$root = $this->getLocalDiskFileStorageRoot();
|
|
|
|
|
|
|
|
// Generate a random, unique file path like "ab/29/1f918a9ac39201ff". We
|
|
|
|
// put a couple of subdirectories up front to avoid a situation where we
|
|
|
|
// have one directory with a zillion files in it, since this is generally
|
|
|
|
// bad news.
|
|
|
|
do {
|
|
|
|
$name = md5(mt_rand());
|
|
|
|
$name = preg_replace('/^(..)(..)(.*)$/', '\\1/\\2/\\3', $name);
|
|
|
|
if (!Filesystem::pathExists($root.'/'.$name)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while (true);
|
|
|
|
|
|
|
|
$parent = $root.'/'.dirname($name);
|
|
|
|
if (!Filesystem::pathExists($parent)) {
|
|
|
|
execx('mkdir -p %s', $parent);
|
|
|
|
}
|
|
|
|
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
AphrontWriteGuard::willWrite();
|
2011-07-20 07:48:38 +02:00
|
|
|
Filesystem::writeFile($root.'/'.$name, $data);
|
|
|
|
|
|
|
|
return $name;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Read the file data off local disk.
|
|
|
|
* @task impl
|
|
|
|
*/
|
|
|
|
public function readFile($handle) {
|
|
|
|
$path = $this->getLocalDiskFileStorageFullPath($handle);
|
|
|
|
return Filesystem::readFile($path);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Deletes the file from local disk, if it exists.
|
|
|
|
* @task impl
|
|
|
|
*/
|
|
|
|
public function deleteFile($handle) {
|
|
|
|
$path = $this->getLocalDiskFileStorageFullPath($handle);
|
|
|
|
if (Filesystem::pathExists($path)) {
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
AphrontWriteGuard::willWrite();
|
2011-07-20 07:48:38 +02:00
|
|
|
Filesystem::remove($path);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* -( Internals )---------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the configured local disk path for file storage.
|
|
|
|
*
|
|
|
|
* @return string Absolute path to somewhere that files can be stored.
|
|
|
|
* @task internal
|
|
|
|
*/
|
|
|
|
private function getLocalDiskFileStorageRoot() {
|
|
|
|
$root = PhabricatorEnv::getEnvConfig('storage.local-disk.path');
|
|
|
|
|
|
|
|
if (!$root || $root == '/' || $root[0] != '/') {
|
2012-04-09 00:07:34 +02:00
|
|
|
throw new PhabricatorFileStorageConfigurationException(
|
2011-07-20 07:48:38 +02:00
|
|
|
"Malformed local disk storage root. You must provide an absolute ".
|
|
|
|
"path, and can not use '/' as the root.");
|
|
|
|
}
|
|
|
|
|
|
|
|
return rtrim($root, '/');
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Convert a handle into an absolute local disk path.
|
|
|
|
*
|
|
|
|
* @param string File data handle.
|
|
|
|
* @return string Absolute path to the corresponding file.
|
|
|
|
* @task internal
|
|
|
|
*/
|
|
|
|
private function getLocalDiskFileStorageFullPath($handle) {
|
|
|
|
// Make sure there's no funny business going on here. Users normally have
|
|
|
|
// no ability to affect the content of handles, but double-check that
|
|
|
|
// we're only accessing local storage just in case.
|
|
|
|
if (!preg_match('@^[a-f0-9]{2}/[a-f0-9]{2}/[a-f0-9]{28}$@', $handle)) {
|
|
|
|
throw new Exception(
|
|
|
|
"Local disk filesystem handle '{$handle}' is malformed!");
|
|
|
|
}
|
|
|
|
$root = $this->getLocalDiskFileStorageRoot();
|
|
|
|
return $root.'/'.$handle;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|