Merge pull request #195 from Automattic/fix_sanitising_directories

realpath doesn't like array_walk and add file checks to rebuild
Automattic · Feb 9, 2017 · 02e12ce · 02e12ce
2 parents 41d582b + 7b474ad
commit 02e12ce
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 9 deletions.
diff --git a/wp-cache-phase1.php b/wp-cache-phase1.php
@@ -639,14 +639,16 @@ function wpsc_rebuild_files( $dir ) {
 }
 
 function wpsc_delete_files( $dir, $delete = true ) {
-	global $cache_path, $blog_cache_dir;
+	global $cache_path;
 	static $rp_cache_path = '';
 	static $protected = '';
 
 	// only do this once, this function will be called many times
 	if ( $rp_cache_path == '' ) {
-		$protected = array( $cache_path, $cache_path . $blog_cache_dir, get_supercache_dir() );
-		$protected = array_walk( array_walk( $protected, 'realpath' ), 'trailingslashit' );
+		$protected = array( $cache_path, $cache_path . "blogs/", get_supercache_dir() );
+		foreach( $protected as $id => $directory ) {
+			$protected[ $id ] = trailingslashit( realpath( $directory ) );
+		}
 		$rp_cache_path = trailingslashit( realpath( $cache_path ) );
 	}
 

diff --git a/wp-cache-phase2.php b/wp-cache-phase2.php
@@ -75,11 +75,17 @@ function wp_cache_phase2() {
 }
 
 function wpcache_do_rebuild( $dir ) {
-	global $do_rebuild_list, $cache_path, $blog_cache_dir;
+	global $do_rebuild_list, $cache_path;
 
 	$dir = trailingslashit( realpath( $dir ) );
-	$protected = array( $cache_path, $cache_path . $blog_cache_dir, get_supercache_dir() );
-	$protected = array_walk( array_walk( $protected, 'realpath' ), 'trailingslashit' );
+
+	if ( isset( $do_rebuild_list[ $dir ] ) )
+		return false;
+
+	$protected = array( $cache_path, $cache_path . "blogs/", get_supercache_dir() );
+	foreach( $protected as $id => $directory ) {
+		$protected[ $id ] = trailingslashit( realpath( $directory ) );
+	}
 	$rp_cache_path = trailingslashit( realpath( $cache_path ) );
 
 	if ( substr( $dir, 0, strlen( $rp_cache_path ) ) != $rp_cache_path )
@@ -88,9 +94,6 @@ function wpcache_do_rebuild( $dir ) {
 	if ( in_array( $dir, $protected ) )
 		return false;
 
-	if ( isset( $do_rebuild_list[ $dir ] ) )
-		return false;
-
 	if ( is_dir( $dir ) && $dh = @opendir( $dir ) ) {
 		while ( ( $file = readdir( $dh ) ) !== false ) {
 			if ( $file != '.' && $file != '..' && is_file( $dir . $file ) ) {
@@ -844,12 +847,24 @@ function wp_cache_rebuild_or_delete( $file ) {
 
 	if ( strpos( $file, '?' ) !== false )
 		$file = substr( $file, 0, strpos( $file, '?' ) );
+
 	$file = realpath( $file );
+
 	if ( substr( $file, 0, strlen( $rp_cache_path ) ) != $rp_cache_path ) {
 		wp_cache_debug( "rebuild_or_gc quitting because file is not in cache_path: $file" );
 		return false;
 	}
 
+	if ( $protected == '' ) {
+		$protected = array( $cache_path . "index.html", get_supercache_dir() . "index.html", $cache_path . "blogs/index.html" );
+		foreach( $protected as $id => $directory ) {
+			$protected[ $id ] = trailingslashit( realpath( $directory ) );
+		}
+	}
+
+	if ( in_array( $file, $protected ) )
+		return false;
+
 	if( $cache_rebuild_files && substr( $file, -14 ) != '.needs-rebuild' ) {
 		if( @rename($file, $file . '.needs-rebuild') ) {
 			@touch( $file . '.needs-rebuild' );