From 85ad231e51c47d2879571d178c7195b16a457783 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 15 Apr 2015 12:03:46 +0200
Subject: [PATCH] Refactor SimpleSAML_Utilities::getTempDir() to
 SimpleSAML_Utils_System::getTempDir().

Schedule SimpleSAML_Utilities::getTempDir() for removal.
---
 lib/SimpleSAML/Bindings/Shib13/Artifact.php |  2 +-
 lib/SimpleSAML/Utilities.php                |  1 +
 lib/SimpleSAML/Utils/System.php             | 31 +++++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 4eda10bb3..d06d71592 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -137,7 +137,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 				"-----END CERTIFICATE-----\n";
 		}
 
-		$file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.crt';
+		$file = SimpleSAML_Utils_System::getTempDir() . DIRECTORY_SEPARATOR . sha1($certData) . '.crt';
 		if (!file_exists($file)) {
 			SimpleSAML_Utilities::writeFile($file, $certData);
 		}
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index e38e0b16e..79d93e0cd 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1966,6 +1966,7 @@ class SimpleSAML_Utilities {
 	 * temporary files can be saved.
 	 *
 	 * @return string  Path to temp directory, without a trailing '/'.
+	 * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML_Utils_System::getTempDir instead.
 	 */
 	public static function getTempDir() {
 
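Review bot: The deprecated `SimpleSAML_Utilities::getTempDir()` appears to keep its own implementation, because the diffstat shows a single added line in this file, which is the `@deprecated` tag. That leaves two copies of the temp-directory creation and ownership logic, so any later hardening of `SimpleSAML_Utils_System::getTempDir()` will not reach callers still using the old name. Consider reducing the old body to `return SimpleSAML_Utils_System::getTempDir();`. The method body begins on the last lines of this hunk and continues outside it, so this reading rests on the line counts rather than on the visible code.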
diff --git a/lib/SimpleSAML/Utils/System.php b/lib/SimpleSAML/Utils/System.php
index 558645520..3445af038 100644
--- a/lib/SimpleSAML/Utils/System.php
+++ b/lib/SimpleSAML/Utils/System.php
@@ -54,4 +54,35 @@ class SimpleSAML_Utils_System
         }
         return false;
     }
+
+    /**
+     * This function retrieves the path to a directory where temporary files can be saved.
+     *
+     * @return string Path to a temporary directory, without a trailing directory separator.
+     * @throws SimpleSAML_Error_Exception If the temporary directory cannot be created or it exists and does not belong
+     * to the current user.
+     */
+    public static function getTempDir()
+    {
+        $globalConfig = SimpleSAML_Configuration::getInstance();
+
+        $tempDir = rtrim($globalConfig->getString('tempdir', sys_get_temp_dir().DIRECTORY_SEPARATOR.'simplesaml'),
+            DIRECTORY_SEPARATOR);
+
+        if (!is_dir($tempDir)) {
+            if (!mkdir($tempDir, 0700, true)) {
+                throw new SimpleSAML_Error_Exception('Error creating temporary directory "'.$tempDir.
+                    '": '.SimpleSAML_Utilities::getLastError());
+            }
+        } elseif (function_exists('posix_getuid')) {
+            // check that the owner of the temp directory is the current user
+            $stat = lstat($tempDir);
+            if ($stat['uid'] !== posix_getuid()) {
+                throw new SimpleSAML_Error_Exception('Temporary directory "'.$tempDir.
+                    '" does not belong to the current user.');
+            }
+        }
+
+        return $tempDir;
+    }
 }
\ No newline at end of file
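Review bot: An existing directory is accepted in the `elseif` branch on ownership alone and its mode is never inspected. The `0700` passed to `mkdir()` applies only when this code creates the directory, so a `tempdir` owned by the current user but group- or world-accessible passes. Consider adding a permission test after the uid comparison, e.g. `if (($stat['mode'] & 0077) !== 0) { throw new SimpleSAML_Error_Exception('Temporary directory "'.$tempDir.'" is accessible by other users.'); }`. When `posix_getuid` is not available the ownership check is skipped silently, even though the default path sits under the shared `sys_get_temp_dir()`; the docblock should say so, or the code should log a warning. Also, `lstat()` can return `false`, and the `$stat['uid']` comparison then throws the "does not belong to the current user" message for what is really a stat failure.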
-- 
GitLab