[Solar-svn] Revision 3135
pmjones at solarphp.com
pmjones at solarphp.com
Sun Apr 27 11:48:10 CDT 2008
Solar_Cache_Adapter_File: [CHG] New config param 'hash' allows you to turn hashing of the entry key on and off (default 'true', on).
Modified: trunk/Solar/Cache/Adapter/File.php
===================================================================
--- trunk/Solar/Cache/Adapter/File.php 2008-04-27 16:35:41 UTC (rev 3134)
+++ trunk/Solar/Cache/Adapter/File.php 2008-04-27 16:47:59 UTC (rev 3135)
@@ -68,6 +68,7 @@
'path' => null, // default set in constructor
'mode' => 0740,
'context' => null,
+ 'hash' => true,
);
/**
@@ -81,6 +82,15 @@
/**
*
+ * Whether or not to hash key names.
+ *
+ * @var bool
+ *
+ */
+ protected $_hash;
+
+ /**
+ *
* A stream context resource to define how the input/output for the cache
* is handled.
*
@@ -104,9 +114,12 @@
// basic construction
parent::__construct($config);
- // keep local values so they can't be changed
+ // path to storage
$this->_path = Solar_Dir::fix($this->_config['path']);
+ // whether or not to hash
+ $this->_hash = $this->_config['hash'];
+
// build the context property
if (is_resource($this->_config['context'])) {
// assume it's a context resource
@@ -154,43 +167,51 @@
$serial = false;
}
+ // what file should we write to?
+ $file = $this->entry($key);
+
+ // does the directory exist?
+ $dir = dirname($file);
+ if (! is_dir($dir)) {
+ mkdir($dir, $this->_config['mode'], true, $this->_context);
+ }
+
// open the file for over-writing. not using file_put_contents
// becuase we may need to write a serial file too (and avoid race
// conditions while doing so). don't use include path.
- $file = $this->entry($key);
- $fp = @fopen($file, 'wb', false, $this->_context);
+ $fp = fopen($file, 'wb', false, $this->_context);
// was it opened?
- if ($fp) {
-
- // yes. exclusive lock for writing.
- flock($fp, LOCK_EX);
-
- // don't need the 3rd param (byte length) because Solar has
- // already turned off magic_quotes_runtime.
- // <http://php.net/fwrite>
- fwrite($fp, $data);
-
- // add a .serial file? (do this while the file is locked to avoid
- // race conditions)
- if ($serial) {
- // use this instead of touch() because it supports stream
- // contexts.
- file_put_contents($file . '.serial', null, LOCK_EX, $this->_context);
- } else {
- // make sure no serial file is there from any previous entries
- // with the same name
- @unlink($file . '.serial', $this->_context);
- }
-
- // unlock and close, then done.
- flock($fp, LOCK_UN);
- fclose($fp);
- return true;
+ if (! $fp) {
+ // could not open the file for writing.
+ return false;
}
- // could not open the file for writing.
- return false;
+ // set exclusive lock for writing.
+ flock($fp, LOCK_EX);
+
+ // don't need the 3rd param (byte length) because Solar has
+ // already turned off magic_quotes_runtime.
+ // <http://php.net/fwrite>
+ fwrite($fp, $data);
+
+ // add a .serial file? (do this while the file is locked to avoid
+ // race conditions)
+ if ($serial) {
+ // use this instead of touch() because it supports stream
+ // contexts.
+ file_put_contents($file . '.serial', null, LOCK_EX, $this->_context);
+ } else {
+ // make sure no serial file is there from any previous entries
+ // with the same name
+ @unlink($file . '.serial', $this->_context);
+ }
+
+ // unlock and close, then done.
+ flock($fp, LOCK_UN);
+ fclose($fp);
+ return true;
+
}
/**
@@ -371,7 +392,15 @@
*/
public function entry($key)
{
- return $this->_path . hash('md5', $key);
+ if ($this->_config['hash']) {
+ return $this->_path . hash('md5', $key);
+ } else {
+ // try to avoid file traversal exploits
+ $key = str_replace('..', '_', $key);
+ // colons mess up Mac OS X
+ $key = str_replace(':', '_', $key);
+ // done
+ return $this->_path . $key;
+ }
}
}
-
More information about the Solar-svn
mailing list