Skip to content
Browse files

MDL-29773 prevent negative unix timestamps in the files table

  • Loading branch information...
1 parent cfb1504 commit 00a3005485ef068f9961570191d76a23ebd6fad4 @skodak skodak committed with stronk7 Oct 14, 2011
Showing with 60 additions and 4 deletions.
  1. +60 −4 lib/filestorage/file_storage.php
View
64 lib/filestorage/file_storage.php
@@ -652,6 +652,16 @@ public function create_file_from_storedfile($file_record, $fileorid) {
}
}
+ if ($key === 'timecreated' or $key === 'timemodified') {
+ if (!is_number($value)) {
+ throw new file_exception('storedfileproblem', 'Invalid file '.$key);
+ }
+ if ($value < 0) {
+ //NOTE: unfortunately I make a mistake when creating the "files" table, we can not have negative numbers there, on the other hand no file should be older than 1970, right? (skodak)
+ $value = 0;
+ }
+ }
+
$newrecord->$key = $value;
}
@@ -784,6 +794,29 @@ public function create_file_from_pathname($file_record, $pathname) {
}
$now = time();
+ if (isset($file_record->timecreated)) {
+ if (!is_number($file_record->timecreated)) {
+ throw new file_exception('storedfileproblem', 'Invalid file timecreated');
+ }
+ if ($file_record->timecreated < 0) {
+ //NOTE: unfortunately I make a mistake when creating the "files" table, we can not have negative numbers there, on the other hand no file should be older than 1970, right? (skodak)
+ $file_record->timecreated = 0;
+ }
+ } else {
+ $file_record->timecreated = $now;
+ }
+
+ if (isset($file_record->timemodified)) {
+ if (!is_number($file_record->timemodified)) {
+ throw new file_exception('storedfileproblem', 'Invalid file timemodified');
+ }
+ if ($file_record->timemodified < 0) {
+ //NOTE: unfortunately I make a mistake when creating the "files" table, we can not have negative numbers there, on the other hand no file should be older than 1970, right? (skodak)
+ $file_record->timemodified = 0;
+ }
+ } else {
+ $file_record->timemodified = $now;
+ }
$newrecord = new stdClass();
@@ -794,8 +827,8 @@ public function create_file_from_pathname($file_record, $pathname) {
$newrecord->filepath = $file_record->filepath;
$newrecord->filename = $file_record->filename;
- $newrecord->timecreated = empty($file_record->timecreated) ? $now : $file_record->timecreated;
- $newrecord->timemodified = empty($file_record->timemodified) ? $now : $file_record->timemodified;
+ $newrecord->timecreated = $file_record->timecreated;
+ $newrecord->timemodified = $file_record->timemodified;
$newrecord->mimetype = empty($file_record->mimetype) ? mimeinfo('type', $file_record->filename) : $file_record->mimetype;
$newrecord->userid = empty($file_record->userid) ? null : $file_record->userid;
$newrecord->source = empty($file_record->source) ? null : $file_record->source;
@@ -873,6 +906,29 @@ public function create_file_from_string($file_record, $content) {
}
$now = time();
+ if (isset($file_record->timecreated)) {
+ if (!is_number($file_record->timecreated)) {
+ throw new file_exception('storedfileproblem', 'Invalid file timecreated');
+ }
+ if ($file_record->timecreated < 0) {
+ //NOTE: unfortunately I make a mistake when creating the "files" table, we can not have negative numbers there, on the other hand no file should be older than 1970, right? (skodak)
+ $file_record->timecreated = 0;
+ }
+ } else {
+ $file_record->timecreated = $now;
+ }
+
+ if (isset($file_record->timemodified)) {
+ if (!is_number($file_record->timemodified)) {
+ throw new file_exception('storedfileproblem', 'Invalid file timemodified');
+ }
+ if ($file_record->timemodified < 0) {
+ //NOTE: unfortunately I make a mistake when creating the "files" table, we can not have negative numbers there, on the other hand no file should be older than 1970, right? (skodak)
+ $file_record->timemodified = 0;
+ }
+ } else {
+ $file_record->timemodified = $now;
+ }
$newrecord = new stdClass();
@@ -883,8 +939,8 @@ public function create_file_from_string($file_record, $content) {
$newrecord->filepath = $file_record->filepath;
$newrecord->filename = $file_record->filename;
- $newrecord->timecreated = empty($file_record->timecreated) ? $now : $file_record->timecreated;
- $newrecord->timemodified = empty($file_record->timemodified) ? $now : $file_record->timemodified;
+ $newrecord->timecreated = $file_record->timecreated;
+ $newrecord->timemodified = $file_record->timemodified;
$newrecord->mimetype = empty($file_record->mimetype) ? mimeinfo('type', $file_record->filename) : $file_record->mimetype;
$newrecord->userid = empty($file_record->userid) ? null : $file_record->userid;
$newrecord->source = empty($file_record->source) ? null : $file_record->source;

0 comments on commit 00a3005

Please sign in to comment.
Something went wrong with that request. Please try again.