From fc570e6699bcaf9ad30a7ddd45372133c20d3f31 Mon Sep 17 00:00:00 2001 From: sam marshall Date: Thu, 3 Jan 2019 16:49:46 +0000 Subject: [PATCH] MDL-64497 GDPR: moodle_content_writer can cause endless loop Fixes a buggy function by replacing it with a call to file_get_contents, and adds error detection on a couple of file accesses. --- .../classes/local/request/moodle_content_writer.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/privacy/classes/local/request/moodle_content_writer.php b/privacy/classes/local/request/moodle_content_writer.php index 327cd9ed505..637c0bbf495 100644 --- a/privacy/classes/local/request/moodle_content_writer.php +++ b/privacy/classes/local/request/moodle_content_writer.php @@ -376,11 +376,14 @@ class moodle_content_writer implements content_writer { * * @param string $path The path to export the data at. * @param string $data The data to be exported. + * @throws \moodle_exception If the file cannot be written for some reason. */ protected function write_data(string $path, string $data) { $targetpath = $this->path . DIRECTORY_SEPARATOR . $path; check_dir_exists(dirname($targetpath), true, true); - file_put_contents($targetpath, $data); + if (file_put_contents($targetpath, $data) === false) { + throw new \moodle_exception('cannotsavefile', 'error', '', $targetpath); + } $this->files[$path] = $targetpath; } @@ -706,12 +709,12 @@ class moodle_content_writer implements content_writer { * * @param string $filepath The file path. * @return string contents of the file. + * @throws \moodle_exception If the file cannot be opened. */ protected function get_file_content(string $filepath) : String { - $filepointer = fopen($filepath, 'r'); - $content = ''; - while (!feof($filepointer)) { - $content .= fread($filepointer, filesize($filepath)); + $content = file_get_contents($filepath); + if ($content === false) { + throw new \moodle_exception('cannotopenfile', 'error', '', $filepath); } return $content; } -- 2.17.1