[Fusionforge-commits] r15066 - trunk/src/plugins/scmsvn/common

Franck VILLAUME nerville at fusionforge.org
Sat Feb 11 23:24:10 CET 2012


Author: nerville
Date: 2012-02-11 23:24:09 +0100 (Sat, 11 Feb 2012)
New Revision: 15066

Modified:
   trunk/src/plugins/scmsvn/common/SVNPlugin.class.php
Log:
fix security flaw: avoid world readable

Modified: trunk/src/plugins/scmsvn/common/SVNPlugin.class.php
===================================================================
--- trunk/src/plugins/scmsvn/common/SVNPlugin.class.php	2012-02-11 14:49:18 UTC (rev 15065)
+++ trunk/src/plugins/scmsvn/common/SVNPlugin.class.php	2012-02-11 22:24:09 UTC (rev 15066)
@@ -259,8 +259,13 @@
 		if (forge_get_config('use_ssh', 'scmsvn')) {
 			$unix_group = 'scm_' . $project->getUnixName();
 			system("find $repo -type d | xargs chmod g+s");
-			system("chgrp -R $unix_group $repo");
-			if ($project->enableAnonSCM() || forge_get_config('use_dav', 'scmsvn')) {
+			if (forge_get_config('use_dav', 'scmsvn')) {
+				$unix_user = forge_get_config('apache_user');
+				system("chown -R $unix_user:$unix_group $repo");
+			} else {
+				system("chgrp -R $unix_group $repo");
+			}
+			if ($project->enableAnonSCM()) {
 				system("chmod -R g+wX,o+rX-w $repo");
 			} else {
 				system("chmod -R g+wX,o-rwx $repo");
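Review bot: The added `system("chown -R $unix_user:$unix_group $repo");` puts three values into a shell string unquoted and ignores the exit status, so an empty or unexpected `apache_user` setting, or a failed chown, leaves the repository with its previous ownership and nothing is reported. Because this commit exists to stop the repository being world readable, quote each value and check the result, for example `system('chown -R ' . escapeshellarg("$unix_user:$unix_group") . ' ' . escapeshellarg($repo), $rc);` with an error path when `$rc !== 0`. The same applies to the `chgrp` call in the else branch and to the two `chmod -R` calls that actually remove the `o` bits. The enclosing method starts and ends outside the hunk, so whether `$repo` and the project's Unix name are validated earlier cannot be seen from here.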



