How does mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777) succeed?
The PHP script [FONT="Courier New"]includes/modules/pages/download/header_php.php[/FONT] creates a temporary subdirectory in directory pub, although [FONT="Courier New"]pub[/FONT]'s permissions are identical to all other Zen Cart directories (755):
Quote:
drwxr-xr-x 3 zcnb zcnb 4096 Jul 24 16:24 pub
I was trying to create a temporary file in the download directory in the same manner, in that same exact [FONT="Courier New"]includes/modules/pages/download/header_php.php[/FONT] file, but that operation fails. I understand that for security reasons, the script handling customer's download session should not be able to write/create a file in any directory. But the fact that Zen Cart is able to do so inside the same PHP script I am trying to modify, hints that there is a way to succeed in what I am trying to accomplish.
What is the proper way to create/copy a file (on the fly, as a result of the customer clicking the 'download' button) inside the [FONT="Courier New"]download[/FONT] directory?
Thanks,
Daniel
Re: How does mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777) succeed?
Do you use the umask function before trying to create the directory?
in includes/modules/pages/download/header_php.php it is being used like this:
http://docs.php.net/manual/en/function.umask.php
Re: How does mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777) succeed?
Quote:
Originally Posted by
paulm
Do you use the umask function before trying to create the directory?
Of course I use the umask function - although I knew up front that it wasn't going to help in my case: :smile:
PHP Code:
$copyfile_errmsg = "Can't copy " . $origin_filename . " to " . $temp_filename;
umask(0000);
copy($origin_filename, $temp_filename) or die($copyfile_errmsg);
IMHO, the problem has to do with the PHP script running under the PHP session, which is not the same as the owner of the Zen Cart directories. This is understandable and good for security purposes.
However, what I don't understand is how that mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777) manages to succeed in creating that $tempdir... Are the permission rules different for creating directories vs. creating files?