View Issue Details

IDProjectCategoryView StatusLast Update
0010753mantisbtfeaturepublic2017-01-18 14:07
Reporterischilling Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
Product Version1.2.0rc1 
Summary0010753: Autogenerate Upload Folders if not existing below default
Description

Due to the fact that MANTIS Admins or people allowed to create projects not always the same people allowed to administrate the webserver, it would be great to have subfolders below the default folder autogenerated.

Like f.e.: /BugTracker/ is the default and a project called Design is added, the user might want to have /BugTracker/Design/ as subfolder.

As of by now, the administrator would have to create the Design- Folder.

In terms the configuration to the default folder is made to allow the Webserveruser to modify directories as well as read/write, the Webserveruser could consequently create such folders.

I've done some changements to file_api.php & project_api.php. Since I am not that deep into PHP, my changement is more rudimentary and should be considered to be optimized (f.e. I didn't know how to overload the needed function :( ). Consequently see this as a proof of concept hack - which is working at least for us and for now ;)

See Additional Information for the changes

Additional Information

<b>file_api.php</b>
Line 801 the function file_ensure_valid_upload_path

I added a second function behind as follows:

// Same as file_ensure_valid_upload_path but has a second parameter called $p_CreateIfNotExisting which is, if TRUE, simply mkdir the needed directory
function file_ensure_valid_upload_path_V2( $p_upload_path, $p_CreateIfNotExisting ) {
if( !file_exists( $p_upload_path ) || !is_dir( $p_upload_path ) || !is_writable( $p_upload_path ) || !is_readable( $p_upload_path ) )
{
if ($p_CreateIfNotExisting == TRUE)
if (!file_exists( $p_upload_path ) && (!is_writable( $p_upload_path ) || !is_readable( $p_upload_path ))) // check if it is not a file we try to mkdir on ;o)
{
if (!mkdir($p_upload_path))
{
trigger_error( ERROR_FILE_INVALID_UPLOAD_PATH, ERROR ); // a new constant will be needed here as well !!!!
}
}
else
trigger_error( ERROR_FILE_INVALID_UPLOAD_PATH, ERROR );
else
trigger_error( ERROR_FILE_INVALID_UPLOAD_PATH, ERROR );
}
}

In <b>project_api.php</b> I simply changed Line 273 to:

// file_ensure_valid_upload_path( $p_file_path );
file_ensure_valid_upload_path_V2( $p_file_path, TRUE );

TagsNo tags attached.

Activities

ischilling

ischilling

2009-07-22 09:37

reporter   ~0022545

Maybe, if this is going into Mantis, an option to generally turn this on or off would be good :)

dhx

dhx

2009-07-23 21:40

reporter   ~0022550

Last edited: 2009-07-23 21:41

If this was going to happen it'd best be placed in the installation process (if applicable) and or as a separate administrator script in admin/create_upload_path.php or something along those lines.

Although I disagree with this patch on the basis that the web server user should not have write access one level up from the upload path. You can't mkdir without having write permission in the parent path (something we don't want to do).

ischilling

ischilling

2009-07-24 08:30

reporter   ~0022551

Right, from a security perspective this isn't the greatest thing todo - but with direct user authentification instead of Mantis authentification, at least security could be improved since mkdir would work only within the user context.

If my PHP knowledge would have been better, I would have solved it this way.

Alternatively, a sub-path could be created by adding it to the DB and have an additional daemon, like with Email, creating this path on a schedule base. Therefore of course additional work in terms of handling etc. must be done ;o)