PageRenderTime 57ms CodeModel.GetById 30ms RepoModel.GetById 1ms app.codeStats 0ms

/backup_migrate/includes/destinations.file.inc

#
Pascal | 272 lines | 138 code | 19 blank | 115 comment | 18 complexity | 73915a1c50b9c6bcd6f5567759e885dc MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php
    2. 

  2. 

  3. 

  4. /**
    5. 

  5.  * @file
    6. 

  6.  * A destination type for saving locally to the server.
    7. 

  7.  */
    8. 

  8. 

  9. /**
    10. 

  10.  * A destination type for saving locally to the server.
    11. 

  11.  *
    12. 

  12.  * @ingroup backup_migrate_destinations
    13. 

  13.  */
    14. 

  14. 

  15. class backup_migrate_destination_files extends backup_migrate_destination {
    16. 

  16.   var $supported_ops = array('scheduled backup', 'manual backup', 'restore', 'list files', 'configure', 'delete');
    17. 

  17. 

  18.   function type_name() {
    19. 

  19.     return t("Server Directory");
    20. 

  20.   }
    21. 

  21. 

  22.   /**
    23. 

  23.    * Get the file location.
    24. 

  24.    */
    25. 

  25.   function get_realpath() {
    26. 

  26.     return drupal_realpath($this->get_location());
    27. 

  27.   }
    28. 

  28. 

  29.   /**
    30. 

  30.    * File save destination callback.
    31. 

  31.    */
    32. 

  32.   function _save_file($file, $settings) {
    33. 

  33.     if ($dir = $this->get_location()) {
    34. 

  34.       if ($dir = $this->check_dir($dir)) {
    35. 

  35.         $filepath = rtrim($dir, "/") ."/". $file->filename();
    36. 

  36.         if (file_unmanaged_move($file->filepath(), $filepath)) {
    37. 

  37.   
    38. 

  38.           // chmod, chown and chgrp the file if needed.
    39. 

  39.           if ($chmod = $this->settings('chmod')) {
    40. 

  40.             if (!@drupal_chmod($filepath, octdec($chmod))) {
    41. 

  41.               _backup_migrate_message('Unable to set the file mode for: @file', array('@file' => $filepath), 'error');
    42. 

  42.             }
    43. 

  43.           }
    44. 

  44.           if ($chgrp = $this->settings('chgrp')) {
    45. 

  45.             if (!@chgrp($filepath, $chgrp)) {
    46. 

  46.               _backup_migrate_message('Unable to set the file group for: @file', array('@file' => $filepath), 'error');
    47. 

  47.             }
    48. 

  48.           }
    49. 

  49.           return $file;
    50. 

  50.         }
    51. 

  51.         else {
    52. 

  52.           _backup_migrate_message('Unable to save the file to the directory: @dir', array('@dir' => $dir), 'error');
    53. 

  53.         }
    54. 

  54.       }
    55. 

  55.     }
    56. 

  56.   }
    57. 

  57. 

  58.   /**
    59. 

  59.    * Determine if we can read the given file.
    60. 

  60.    */
    61. 

  61.   function can_read_file($file_id) {
    62. 

  62.     return $this->op('restore') && is_readable($this->get_filepath($file_id));
    63. 

  63.   }
    64. 

  64. 

  65.   /**
    66. 

  66.    * File load destination callback.
    67. 

  67.    */
    68. 

  68.   function load_file($file_id) {
    69. 

  69.     $filepath = $this->get_filepath($file_id);
    70. 

  70.     if (file_exists($filepath)) {
    71. 

  71.       backup_migrate_include('files');
    72. 

  72.       return new backup_file(array('filepath' => $filepath));
    73. 

  73.     }
    74. 

  74.   }
    75. 

  75. 

  76.   /**
    77. 

  77.    * File list destination callback.
    78. 

  78.    */
    79. 

  79.   function _list_files() {
    80. 

  80.     $files = array();
    81. 

  81.     if ($dir = $this->get_realpath()) {
    82. 

  82.       if ($handle = @opendir($dir)) {
    83. 

  83.         backup_migrate_include('files');
    84. 

  84.         while (FALSE !== ($file = readdir($handle))) {
    85. 

  85.           $filepath = $dir ."/". $file;
    86. 

  86.           $files[$file] = new backup_file(array('filepath' => $filepath));
    87. 

  87.         }
    88. 

  88.       }
    89. 

  89.     }
    90. 

  90.     return $files;
    91. 

  91.   }
    92. 

  92. 

  93.   /**
    94. 

  94.    * File delete destination callback.
    95. 

  95.    */
    96. 

  96.   function delete_file($file_id) {
    97. 

  97.     $filepath = $this->get_filepath($file_id);
    98. 

  98.     file_unmanaged_delete($filepath);
    99. 

  99.   }
    100. 

  100. 

  101.   /**
    102. 

  102.    * Get the filepath from the given file id.
    103. 

  103.    */
    104. 

  104.   function get_filepath($file_id) {
    105. 

  105.     if ($dir = $this->get_realpath()) {
    106. 

  106.       $filepath = rtrim($dir, '/') .'/'. $file_id;
    107. 

  107.       return $filepath;
    108. 

  108.     }
    109. 

  109.     return FALSE;
    110. 

  110.   }
    111. 

  111. 

  112.   /**
    113. 

  113.    * Get the form for the settings for the files destination.
    114. 

  114.    */
    115. 

  115.   function edit_form() {
    116. 

  116.     $form = parent::edit_form();
    117. 

  117.     $form['location'] = array(
    118. 

  118.       "#type" => "textfield",
    119. 

  119.       "#title" => t("Directory path"),
    120. 

  120.       "#default_value" => $this->get_location(),
    121. 

  121.       "#required" => TRUE,
    122. 

  122.       "#description" => t('Enter the path to the directory to save the backups to. Use a relative path to pick a path relative to your Drupal root directory. The web server must be able to write to this path.'),
    123. 

  123.     );
    124. 

  124.     $form['settings'] = array(
    125. 

  125.       '#type' => 'fieldset',
    126. 

  126.       '#title' => t('Advanced Settings'),
    127. 

  127.       '#tree' => TRUE,
    128. 

  128.       '#collapsible' => TRUE,
    129. 

  129.       '#collapsed' => TRUE,
    130. 

  130.     );
    131. 

  131.     if (function_exists('chmod')) {
    132. 

  132.       $form['settings']['chmod'] = array(
    133. 

  133.         '#type' => 'textfield',
    134. 

  134.         '#title' => t('Change file mode (chmod)'),
    135. 

  135.         '#size' => 5,
    136. 

  136.         '#default_value' => $this->settings('chmod'),
    137. 

  137.         '#description' => t('If you enter a value here, backup files will be chmoded with the mode you specify. Specify the mode in octal form (e.g. 644 or 0644) or leave blank to disable this feature.'),
    138. 

  138.       );
    139. 

  139.     }
    140. 

  140.     if (function_exists('chgrp')) {
    141. 

  141.       $form['settings']['chgrp'] = array(
    142. 

  142.         '#type' => 'textfield',
    143. 

  143.         '#title' => t('Change file group (chgrp)'),
    144. 

  144.         '#size' => 5,
    145. 

  145.         '#default_value' => $this->settings('chgrp'),
    146. 

  146.         '#description' => t('If you enter a value here, backup files will be chgrped to the group you specify. Leave blank to disable this feature.'),
    147. 

  147.       );
    148. 

  148.     }
    149. 

  149.     return $form;
    150. 

  150.   }
    151. 

  151. 

  152.   /**
    153. 

  153.    * Validate the form for the settings for the files destination.
    154. 

  154.    */
    155. 

  155.   function edit_form_validate($form, &$form_state) {
    156. 

  156.     $values = $form_state['values'];
    157. 

  157.     if (isset($values['settings']['chmod']) && !empty($values['settings']['chmod']) && !preg_match('/0?[0-7]{3}/', $values['settings']['chmod'])) {
    158. 

  158.       form_set_error('chmod', t('You must enter a valid chmod octal value (e.g. 644 or 0644) in the change mode field, or leave it blank.'));
    159. 

  159.     }
    160. 

  160.     parent::edit_form_validate($form, $form_state);
    161. 

  161.   }
    162. 

  162. 

  163.   /**
    164. 

  164.    * Submit the form for the settings for the files destination.
    165. 

  165.    */
    166. 

  166.   function edit_form_submit($form, &$form_state) {
    167. 

  167.     // Add a 0 to the start of a 3 digit file mode to make it proper PHP encoded octal.
    168. 

  168.     if (strlen($form_state['values']['settings']['chmod']) == 3) {
    169. 

  169.       $form_state['values']['settings']['chmod'] = '0' . $form_state['values']['settings']['chmod'];
    170. 

  170.     }
    171. 

  171.     parent::edit_form_submit($form, $form_state);
    172. 

  172.   }
    173. 

  173. 

  174.   /**
    175. 

  175.    * Prepare the destination directory for the backups.
    176. 

  176.    */
    177. 

  177.   function check_dir($directory) {
    178. 

  178.     if (!file_prepare_directory($directory, FILE_CREATE_DIRECTORY)) {
    179. 

  179.       // Unable to create destination directory.
    180. 

  180.       _backup_migrate_message("Unable to create or write to the save directory '%directory'. Please check the file permissions that directory and try again.", array('%directory' => $directory), "error");
    181. 

  181.       return FALSE;
    182. 

  182.     }
    183. 

  183.     // If the destination directory is within the webroot, then secure it as best we can.
    184. 

  184.     if ($this->dir_in_webroot($directory)) {
    185. 

  185.       $directory = $this->check_web_dir($directory);
    186. 

  186.     }
    187. 

  187. 

  188.     return $directory;
    189. 

  189.   }
    190. 

  190. 

  191.   /**
    192. 

  192.    * Check that a web accessible directory has been properly secured, othewise attempt to secure it.
    193. 

  193.    */
    194. 

  194.   function check_web_dir($directory) {
    195. 

  195.     file_create_htaccess($directory, TRUE);
    196. 

  196. 

  197.     // Check the user agent to make sure we're not responding to a request from drupal itself.
    198. 

  198.     // That should prevent infinite loops which could be caused by poormanscron in some circumstances.
    199. 

  199.     if (strpos($_SERVER['HTTP_USER_AGENT'], 'Drupal') !== FALSE) {
    200. 

  200.       return FALSE;
    201. 

  201.     }
    202. 

  202. 

  203.     // Check to see if the destination is publicly accessible
    204. 

  204.     $test_contents = "this file should not be publicly accessible";
    205. 

  205.     // Create the the text.txt file if it's not already there.
    206. 

  206.     if (!is_file($directory .'/test.txt') || file_get_contents($directory .'/test.txt') != $test_contents) {
    207. 

  207.       if ($fp = fopen($directory .'/test.txt', 'w')) {
    208. 

  208.         @fputs($fp, $test_contents);
    209. 

  209.         fclose($fp);
    210. 

  210.       }
    211. 

  211.       else {
    212. 

  212.         $message = t("Security notice: Backup and Migrate was unable to write a test text file to the destination directory %directory, and is therefore unable to check the security of the backup destination. Backups to the server will be disabled until the destination becomes writable and secure.", array('%directory' => $directory));
    213. 

  213.         drupal_set_message($message, "error");
    214. 

  214.         return FALSE;
    215. 

  215.       }
    216. 

  216.     }
    217. 

  217. 

  218.     // Attempt to read the test file via http. This may fail for other reasons,
    219. 

  219.     // so it's not a bullet-proof check.
    220. 

  220.     if ($this->test_file_readable_remotely($directory .'/test.txt', $test_contents)) {
    221. 

  221.       $message = t("Security notice: Backup and Migrate will not save backup files to the server because the destination directory is publicly accessible. If you want to save files to the server, please secure the '%directory' directory", array('%directory' => $directory));
    222. 

  222.       drupal_set_message($message, "error");
    223. 

  223.       return FALSE;
    224. 

  224.     }
    225. 

  225.     return $directory;
    226. 

  226.   }
    227. 

  227. 

  228.   /**
    229. 

  229.    * Check if the given directory is within the webroot and is therefore web accessible.
    230. 

  230.    */
    231. 

  231.   function dir_in_webroot($directory) {
    232. 

  232.     if (strpos(drupal_realpath($directory), realpath($_SERVER['DOCUMENT_ROOT'])) !== FALSE) {
    233. 

  233.       return TRUE;
    234. 

  234.     }
    235. 

  235.     return FALSE;
    236. 

  236.   }
    237. 

  237. 

  238.   /**
    239. 

  239.    * Check if a file can be read remotely via http.
    240. 

  240.    */
    241. 

  241.   function test_file_readable_remotely($path, $contents) {
    242. 

  242.     $url = file_create_url($path);
    243. 

  243.     // TODO: Proper checking for absolute paths.
    244. 

  244.     $result = drupal_http_request($url);
    245. 

  245.     if (!empty($result->data) && strpos($result->data, $contents) !== FALSE) {
    246. 

  246.       return TRUE;
    247. 

  247.     }
    248. 

  248.     return FALSE;
    249. 

  249.   }
    250. 

  250. }
    251. 

  251. 

  252. /**
    253. 

  253.  * The manual files directory.
    254. 

  254.  */
    255. 

  255. class backup_migrate_destination_files_manual extends backup_migrate_destination_files {
    256. 

  256.   var $supported_ops = array('manual backup', 'restore', 'list files', 'configure', 'delete');
    257. 

  257.   function __construct($params = array()) {
    258. 

  258.     $dir = 'private://backup_migrate/manual';
    259. 

  259.     parent::__construct($params + array('location' => $dir, 'name' => t('Manual Backups Directory')));
    260. 

  260.   }
    261. 

  261. }
    262. 

  262. 

  263. /**
    264. 

  264.  * The scheduled files directory.
    265. 

  265.  */
    266. 

  266. class backup_migrate_destination_files_scheduled extends backup_migrate_destination_files {
    267. 

  267.   var $supported_ops = array('scheduled backup', 'restore', 'list files', 'configure', 'delete');
    268. 

  268.   function __construct($params = array()) {
    269. 

  269.     $dir = 'private://backup_migrate/scheduled';
    270. 

  270.     parent::__construct($params + array('location' => $dir, 'name' => t('Scheduled Backups Directory')));
    271. 

  271.   }
    272. 

  272. }
    273. 

  273.