InfoCard: Fix insecure file creation.

The InfoCard modules stores files in /tmp, but does this in a way that
allows another user with local access to the machine to overwrite any
file the webserver has access to.

This patch fixes it by moving the files into the simpleSAMLphp temp
directory.

Thanks to Thijs Kinkhorst <thijs@uvt.nl> for reporting this bug.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2082 44740490-163a-0410-bde0-09ae8108e29a

modules/InfoCard/www/STS_card_issuer.php

@@ -126,7 +126,7 @@ function enable_download($username, $cardid){
 	$time = 'x'.time(); //Cannot start with a number	
 	
 	$uuid = uniqid();
-	$handle = fopen("/tmp/$uuid",'w');
+	$handle = fopen(SimpleSAML_Utilities::getTempDir() . "/$uuid",'w');
 	if ($handle) {
 		fwrite($handle, strlen($username).$username.strlen($cardid).$cardid.strlen($time).$time);
 		fclose ($handle);
@@ -152,7 +152,7 @@ function disable_download($uuid){
 */
 function is_card_enabled($uuid, $delivery_time){
 	$now = time();	
-	$filename = "/tmp/$uuid";
+	$filename = SimpleSAML_Utilities::getTempDir() . "/$uuid";
 	
 	//File check
 	if (!file_exists($filename)) return false; //File doesn't exist

modules/InfoCard/www/prueba.php

@@ -33,7 +33,7 @@ if ($result[0]){
 pg_close($dbconn);
 
 
-// $handle = fopen('/tmp/prueba2.txt','w');
+// $handle = fopen(SimpleSAML_Utilities::getTempDir() . '/prueba2.txt','w');
 // fwrite($handle, 'prueba');
 // fclose ($handle);