Additional ptrefixcheck on company creation, safer company removal sequence.

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index ef507aa8b1dd9775bf58476971f9bbec23caf52b..ebe86ad8faaa33277d4f4ba4a3b8d452e9ff5218 100644 (file)
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,11 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+06-Dec-2009 Janusz Dobrowolski
+# Safer algorithm for company removal, additional prefix check on company add.
+$ /admin/create_coy.php
+  /admin/db/maintenance_db.inc
+
 04-Dec-2009 Janusz Dobrowolski
 # [0000179] Cannot allocate ST_BANKPAYMENT type payments
 $ /includes/ui/allocation_cart.inc

diff --git a/admin/create_coy.php b/admin/create_coy.php
index e1b2882fb762ea95dd8111dec6bcae76d7f282e2..77b7fdf103458763f8a915f72cebebaa0f1a806d 100644 (file)
--- a/admin/create_coy.php
+++ b/admin/create_coy.php
@@ -52,7 +52,7 @@ function check_data()
                                display_error(_("This database settings are already used by another company."));
                                return false;
                        }
-                       if ($_POST['tbpref'] == 0 || $con['tbpref'] == '')
+                       if (($_POST['tbpref'] == 0) ^ ($con['tbpref'] == ''))
                        {
                                display_error(_("You cannot have table set without prefix together with prefixed sets in the same database."));
                                return false;
@@ -160,22 +160,39 @@ function handle_submit()
 
 function handle_delete()
 {
-       global $comp_path, $def_coy, $db_connections, $comp_subdirs;
+       global $comp_path, $def_coy, $db_connections, $comp_subdirs, $path_to_root;
 
        $id = $_GET['id'];
 
-       $cdir = $comp_path.'/'.$id;
-       @flush_dir($cdir, true);
-       if (!rmdir($cdir))
+       // First make sure all company directories from the one under removal are writable. 
+       // Without this after operation we end up with changed per-company owners!
+       for($i = $id; $i < count($db_connections); $i++) {
+               if (!is_dir($comp_path.'/'.$i) || !is_writable($comp_path.'/'.$i)) {
+                       display_error(_('Broken company subdirectories system. You have to remove this company manually.'));
+                       return;
+               }
+       }
+       // make sure config file is writable
+       if (!is_writeable($path_to_root . "/config_db.php"))
        {
-               display_error(_("Cannot remove company data directory ") . $cdir);
+               display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
+               return;
+       }
+       // rename directory to temporary name to ensure all
+       // other subdirectories will have right owners even after
+       // unsuccessfull removal.
+       $cdir = $comp_path.'/'.$id;
+       $tmpname  = $comp_path.'/old_'.$id;
+       if (!@rename($cdir, $tmpname)) {
+               display_error(_('Cannot rename subdirectory to temporary name.'));
                return;
        }
-       for($i = $id+1; $i < count($db_connections); $i++) {
+       // 'shift' company directories names
+       for ($i = $id+1; $i < count($db_connections); $i++) {
                if (!rename($comp_path.'/'.$i, $comp_path.'/'.($i-1))) {
                        display_error(_("Cannot rename company subdirectory"));
                        return;
-               }       
+               }
        }
        $err = remove_connection($id);
        if ($err == 0)
@@ -190,8 +207,17 @@ function handle_delete()
                display_error(_("Cannot write to the configuration file - ") . $path_to_root . "/config_db.php");
        else if ($error == -3)
                display_error(_("The configuration file ") . $path_to_root . "/config_db.php" . _(" is not writable. Change its permissions so it is, then re-run the operation."));
-       if ($error != 0)
+       if ($error != 0) {
+               @rename($tmpname, $cdir);
                return;
+       }
+       // finally remove renamed company directory
+       @flush_dir($tmpname, true);
+       if (!@rmdir($tmpname))
+       {
+               display_error(_("Cannot remove temporary renamed company data directory ") . $tmpname);
+               return;
+       }
 
        meta_forward($_SERVER['PHP_SELF']);
 }

diff --git a/admin/db/maintenance_db.inc b/admin/db/maintenance_db.inc
index df1abfd9cbf76de1bc5527202fe21ef86653eee3..adac0f63fe959dced38c9a796dc5ead35b98f9a3 100644 (file)
--- a/admin/db/maintenance_db.inc
+++ b/admin/db/maintenance_db.inc
@@ -98,7 +98,7 @@ function write_config_db($new = false)
 
        $filename = $path_to_root . "/config_db.php";
        // Check if the file exists and is writable first.
-       if (!file_exists($filename) || (is_writable($path_to_root) && is_writable($filename)))
+       if ((!file_exists($filename) && is_writable($path_to_root)) || is_writable($filename))
        {
                if (!$zp = fopen($filename, 'w'))
                {