gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(metablogizer): Ensure file permissions on every upload

Browse Source 
- Set umask 022 before file operations
- chmod 644 immediately after base64 decode
- chmod 755 on site_path after each upload
- Prevents 403 Forbidden from restrictive permissions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-01-30 18:42:20 +01:00
parent 0562730b5f
commit 4166f4574e
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer
View File

@ -767,17 +767,23 @@ method_upload_file() {
# Create directory structure if needed with proper permissions # Create directory structure if needed with proper permissions
local dir_path=$(dirname "$file_path") local dir_path=$(dirname "$file_path")
# CRITICAL: Set umask BEFORE any file operations
umask 022 umask 022
mkdir -p "$dir_path" mkdir -p "$dir_path"
chmod 755 "$dir_path" chmod 755 "$dir_path"
# Decode base64 content and write file with world-readable permissions # Write file - umask 022 ensures 644 permissions
echo "$content" | base64 -d > "$file_path" 2>/dev/null echo "$content" | base64 -d > "$file_path" 2>/dev/null
local rc=$? local rc=$?
# Immediately set readable permissions on the file # ALWAYS set readable permissions immediately after write
chmod 644 "$file_path" 2>/dev/null chmod 644 "$file_path" 2>/dev/null
# Also ensure parent dirs are traversable
chmod 755 "$site_path" 2>/dev/null
if [ $rc -eq 0 ]; then if [ $rc -eq 0 ]; then
# Fix permissions for entire site directory # Fix permissions for entire site directory
fix_permissions "$site_path" fix_permissions "$site_path"