globals: changing the laws of UNIX is bad (1/many)

/tmp is unlikely to change.  If, however you decide to change
it to somewhere else the likelihood of someone else hardcoding
/tmp just to annoy you is so high that it simply makes no sense
to keep any softcoding in this regard.  More batches coming, but
since the usage is so widespread, I'll push it bit by bit.

src/etc/inc/auth.inc

@@ -103,9 +103,9 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 // If the HTTP_REFERER is something other than ourselves then disallow.
 if(function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
 	if($_SERVER['HTTP_REFERER']) {
-		if(file_exists("{$g['tmp_path']}/setupwizard_lastreferrer")) {
-			if($_SERVER['HTTP_REFERER'] == file_get_contents("{$g['tmp_path']}/setupwizard_lastreferrer")) {
-				unlink("{$g['tmp_path']}/setupwizard_lastreferrer");
+		if(file_exists('/tmp/setupwizard_lastreferrer')) {
+			if($_SERVER['HTTP_REFERER'] == file_get_contents('/tmp/setupwizard_lastreferrer')) {
+				unlink('/tmp/setupwizard_lastreferrer');
 				header("Refresh: 1; url=index.php");
 				echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n        \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
 				echo "<html><head><title>" . gettext("Redirecting...") . "</title></head><body>" . gettext("Redirecting to the dashboard...") . "</body></html>";

src/etc/inc/authgui.inc

@@ -150,9 +150,9 @@ function display_login_form()
 				isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = gettext("unknown reason");
 				printf("showajaxmessage('" . gettext("Invalid login (%s).") . "')", $login_error);
 			}
-			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
+			if (file_exists('/tmp/webconfigurator.lock')) {
 				// TODO: add the IP from the user who did lock the device
-				$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
+				$whom = file_get_contents('/tmp/webconfigurator.lock');
 				printf("showajaxmessage('" . gettext("This device is currently being maintained by: %s.") . "');", $whom);
 			}
 		}

src/etc/inc/config.console.inc

@@ -405,7 +405,7 @@ EODD;
 
 		echo gettext(" done!") . "\n";
 
-		touch("{$g['tmp_path']}/assign_complete");
+		touch('/tmp/assign_complete');
 
 	}
 }

src/etc/inc/filter_log.inc

@@ -1,8 +1,9 @@
 <?php
+
 /*
 	Copyritgh (C) 2014 Deciso B.V.
 	Copyright (C) Scott Ullrich
-	Copyright (C) 2009 Jim Pingle <myfirstname>@<mylastname>.org
+	Copyright (C) 2009 Jim Pingle
 	All rights reserved.
 
 	Redistribution and use in source and binary forms, with or without
@@ -286,10 +287,11 @@ function find_rule_by_number($rulenum, $type="block") {
 	if ($type == "rdr")
 		$_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | /usr/bin/egrep " . escapeshellarg("^@{$rulenum}"), $buffer);
 	else {
-		if (file_exists("{$g['tmp_path']}/rules.debug"))
-			$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer);
-		else
-			$_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer);
+		if (file_exists('/tmp/rules.debug')) {
+			$_gb = exec('/sbin/pfctl -vvPnf /tmp/rules.debug 2>/dev/null | /usr/bin/egrep ' . escapeshellarg($lookup_pattern), $buffer);
+		} else {
+			$_gb = exec('/sbin/pfctl -vvPsr | /usr/bin/egrep ' . escapeshellarg($lookup_pattern), $buffer);
+		}
 	}
 	if (is_array($buffer))
 		return $buffer[0];
@@ -313,10 +315,11 @@ function buffer_rules_load() {
 		}
 	}
 	unset($buffer, $_gb);
-	if (file_exists("{$g['tmp_path']}/rules.debug"))
-		$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]' | /usr/bin/egrep -v '^@[0-9]+\([0-9]+\)[[:space:]](nat|rdr|binat|no|scrub)'", $buffer);
-	else
+	if (file_exists('/tmp/rules.debug')) {
+		$_gb = exec("/sbin/pfctl -vvPnf /tmp/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]' | /usr/bin/egrep -v '^@[0-9]+\([0-9]+\)[[:space:]](nat|rdr|binat|no|scrub)'", $buffer);
+	} else {
 		$_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]'", $buffer);
+	}
 
 	if (is_array($buffer)) {
 		foreach ($buffer as $line) {

src/etc/inc/gwlb.inc

@@ -1,4 +1,5 @@
 <?php
+
 /*
   Copyright (C) 2008 Bill Marquette, Seth Mos
   Copyright (C) 2010 Ermal Luçi
@@ -24,11 +25,8 @@
   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.
+*/
 
-	pfSense_BUILDER_BINARIES:	/sbin/route	/usr/local/sbin/apinger
-	pfSense_MODULE:	routing
-
- */
 require_once("config.inc");
 require_once("rrd.inc");
 
@@ -339,11 +337,8 @@ EOD;
 	@file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig);
 	unset($apingerconfig);
 
-	if (is_dir("{$g['tmp_path']}"))
-		chmod("{$g['tmp_path']}", 01777);
-	if (!is_dir("{$g['vardb_path']}/rrd"))
-		mkdir("{$g['vardb_path']}/rrd", 0775);
-
+	@chmod('/tmp', 01777);
+	@mkdir("{$g['vardb_path']}/rrd", 0775);
 	@chown("{$g['vardb_path']}/rrd", "nobody");
 
 	/* Restart apinger process */
@@ -698,13 +693,13 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
 	if ($found_defaultv4 == 0 || $found_defaultv6 == 0) {
 		foreach ($gateways_arr as &$gateway) {
 			if (($gateway['friendlyiface'] == "wan") && ($found_defaultv4 == 0) && (!isset($gateway['ipprotocol']) || ($gateway['ipprotocol'] == "inet"))) {
-				if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) {
+				if (file_exists("/tmp/{$gateway['interface']}_defaultgw")) {
 					$gateway['defaultgw'] = true;
 					$found_defaultv4 = 1;
 				}
 			}
 			if (($gateway['friendlyiface'] == "wan") && ($found_defaultv6 == 0) && ($gateway['ipprotocol'] == "inet6")) {
-				if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgwv6")) {
+				if (file_exists("/tmp/{$gateway['interface']}_defaultgwv6")) {
 					$gateway['defaultgw'] = true;
 					$found_defaultv6 = 1;
 				}
@@ -975,11 +970,11 @@ function get_interface_gateway($interface, &$dynamic = false) {
 	// for dynamic interfaces we handle them through the $interface_router file.
 	if (!is_ipaddrv4($gw) && !is_ipaddrv4($gwcfg['ipaddr'])) {
 		$realif = get_real_interface($interface);
-		if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
-				$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
+		if (file_exists("/tmp/{$realif}_router")) {
+				$gw = trim(file_get_contents("/tmp/{$realif}_router"), " \n");
 			$dynamic = true;
 		}
-		if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw"))
+		if (file_exists("/tmp/{$realif}_defaultgw"))
 			$dynamic = "default";
 
 	}
@@ -1005,11 +1000,11 @@ function get_interface_gateway_v6($interface, &$dynamic = false) {
 	// for dynamic interfaces we handle them through the $interface_router file.
 	if (!is_ipaddrv6($gw) && !is_ipaddrv6($gwcfg['ipaddrv6'])) {
 			$realif = get_real_interface($interface);
-			if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) {
-				$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n");
+			if (file_exists("/tmp/{$realif}_routerv6")) {
+				$gw = trim(file_get_contents("/tmp/{$realif}_routerv6"), " \n");
 				$dynamic = true;
 			}
-			if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6"))
+			if (file_exists("/tmp/{$realif}_defaultgwv6"))
 				$dynamic = "default";
 
 	}

src/etc/inc/ipsec.attributes.php

@@ -1,6 +1,7 @@
 <?php
+
 /*
-        Copyright (C) 2011-2012         Ermal Luçi
+        Copyright (C) 2011-2012 Ermal Luçi
         All rights reserved.
 
         Redistribution and use in source and binary forms, with or without
@@ -177,8 +178,6 @@ $rules = parse_cisco_acl($attributes);
 if (!empty($rules)) {
 	$pid = posix_getpid();
 	@file_put_contents("/tmp/ipsec_{$pid}{$common_name}.rules", $rules);
-	mwexec("/sbin/pfctl -a " . escapeshellarg("ipsec/{$common_name}") . " -f {$g['tmp_path']}/ipsec_{$pid}" . escapeshellarg($common_name) . ".rules");
-	@unlink("{$g['tmp_path']}/ipsec_{$pid}{$common_name}.rules");
+	mwexec("/sbin/pfctl -a " . escapeshellarg("ipsec/{$common_name}") . " -f /tmp/ipsec_{$pid}" . escapeshellarg($common_name) . ".rules");
+	@unlink("/tmp/ipsec_{$pid}{$common_name}.rules");
 }
-
-?>

src/etc/inc/notices.inc

@@ -1,8 +1,8 @@
 <?php
 
 /*
- * Copyright (C) 2009 Scott Ullrich (sullrich@gmail.com)
- * Copyright (C) 2005 Colin Smith (ethethlay@gmail.com)
+ * Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
+ * Copyright (C) 2005 Colin Smith <ethethlay@gmail.com>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,8 +31,6 @@
 require_once("globals.inc");
 require_once("led.inc");
 
-$notice_path = $g['tmp_path'] . '/notices';
-
 /****f* notices/file_notice
  * NAME
  *   file_notice
@@ -49,7 +47,6 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
 	 * $priority - A notice's priority. Higher numbers indicate greater severity.
 	 *	       0 = informational, 1 = warning, 2 = error, etc. This may also be arbitrary,
 	 */
-	global $notice_path;
 	if(!$queue = get_notices()) $queue = array();
 	$queuekey = time();
 	$toqueue = array(
@@ -60,9 +57,9 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
 				'priority'	=> $priority,
 			);
 	$queue[$queuekey] = $toqueue;
-	$queueout = fopen($notice_path, "w");
+	$queueout = fopen('/tmp/notices', 'w');
 	if(!$queueout) {
-		log_error(printf(gettext("Could not open %s for writing"), $notice_path));
+		log_error(printf(gettext("Could not open %s for writing"), '/tmp/notices'));
 		return;
 	}
 	fwrite($queueout, serialize($queue));
@@ -87,11 +84,12 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
  * RESULT
  *   Returns a specific notices text
  ******/
-function get_notices($category = "all") {
+function get_notices($category = 'all')
+{
 	global $g;
 
-	if(file_exists("{$g['tmp_path']}/notices")) {
-		$queue = unserialize(file_get_contents("{$g['tmp_path']}/notices"));
+	if (file_exists('/tmp/notices')) {
+		$queue = unserialize(file_get_contents('/tmp/notices'));
 		if(!$queue) return false;
 		if($category != 'all') {
 			foreach($queue as $time => $notice) {
@@ -115,9 +113,10 @@ function get_notices($category = "all") {
  * RESULT
  *   Removes a notice from the list
  ******/
-function close_notice($id) {
-	global $notice_path;
+function close_notice($id)
+{
 	require_once("util.inc");
+
 	/* soekris */
 	if(file_exists("/dev/led/error"))
 		exec("/bin/echo 0 > /dev/led/error");
@@ -126,7 +125,7 @@ function close_notice($id) {
 	$ids = array();
 	if(!$notices = get_notices()) return;
 	if($id == "all") {
-		unlink_if_exists($notice_path);
+		unlink_if_exists('/tmp/notices');
 		return;
 	}
 	foreach(array_keys($notices) as $time) {
@@ -145,11 +144,11 @@ function close_notice($id) {
 		}
 	}
 	if(count($notices) != 0) {
-		$queueout = fopen($notice_path, "w");
+		$queueout = fopen('/tmp/notices', 'w');
 		fwrite($queueout, serialize($notices));
 		fclose($queueout);
 	} else {
-		unlink_if_exists($notice_path);
+		unlink_if_exists('/tmp/notices');
 	}
 
 	return;
@@ -165,7 +164,7 @@ function close_notice($id) {
  ******/
 function dump_xml_notices() {
 	require_once("xmlparse.inc");
-	global $notice_path, $listtags;
+	global $listtags;
 	$listtags[] = 'notice';
 	if(!$notices = get_notices()) return;
 	foreach($notices as $time => $notice) {
@@ -235,11 +234,12 @@ function print_notice_box($category = "all") {
  * RESULT
  *   returns true if notices are pending, false if they are not
  ******/
-function are_notices_pending($category = "all") {
-	global $notice_path;
-	if(file_exists($notice_path)) {
+function are_notices_pending($category = 'all')
+{
+	if (file_exists('/tmp/notices')) {
 		return true;
 	}
+
 	return false;
 }
 

src/etc/inc/openvpn.attributes.php

@@ -1,6 +1,7 @@
 <?php
+
 /*
-        Copyright (C) 2011-2012         Ermal Luçi
+        Copyright (C) 2011-2012 Ermal Luçi
         All rights reserved.
 
         Redistribution and use in source and binary forms, with or without
@@ -179,8 +180,8 @@ $rules = parse_cisco_acl($attributes);
 if (!empty($rules)) {
 	$pid = posix_getpid();
 	@file_put_contents("/tmp/ovpn_{$pid}{$common_name}.rules", $rules);
-	mwexec("/sbin/pfctl -a " . escapeshellarg("openvpn/{$common_name}") . " -f {$g['tmp_path']}/ovpn_{$pid}" . escapeshellarg($common_name) . ".rules");
-	@unlink("{$g['tmp_path']}/ovpn_{$pid}{$common_name}.rules");
+	mwexec("/sbin/pfctl -a " . escapeshellarg("openvpn/{$common_name}") . " -f /tmp/ovpn_{$pid}" . escapeshellarg($common_name) . ".rules");
+	@unlink("/tmp/ovpn_{$pid}{$common_name}.rules");
 }
 
 ?>

src/etc/inc/openvpn.auth-user.php

@@ -160,8 +160,9 @@ if (isset($attributes['framed_ip'])) {
 //      }
 }
 
-if (!empty($content))
-        @file_put_contents("{$g['tmp_path']}/{$username}", $content);
+if (!empty($content)) {
+        @file_put_contents("/tmp/{$username}", $content);
+}
 
 syslog(LOG_NOTICE, "user '{$username}' authenticated\n");
 closelog();

src/etc/inc/pkg-utils.inc

@@ -2,7 +2,7 @@
 
 /*
  * Copyright (C) 2010 Ermal Luci
- * Copyright (C) 2005-2006 Colin Smith (ethethlay@gmail.com)
+ * Copyright (C) 2005-2006 Colin Smith <ethethlay@gmail.com>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -55,7 +55,7 @@ if (!function_exists("pkg_debug")) {
 			return;
 
 		if (!$fd_log) {
-			if (!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_{$package}.log", "w"))
+			if (!$fd_log = fopen("/tmp/pkg_mgr_{$package}.log", "w"))
 				update_output_window("Warning, could not open log for writing.");
 		}
 		@fwrite($fd_log, $msg);
@@ -473,7 +473,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
 			$pkgstaging = "-o {$pkgstagingdir}/instmp.XXXXXX";
 			$fetchdir = $pkgstagingdir;
 		} else {
-			$fetchdir = $g['tmp_path'];
+			$fetchdir = '/tmp';
 		}
 
 		/* FreeBSD has no PBI's hosted, so fall back to our own URL for now. (Maybe fail to PC-BSD?) */

src/etc/inc/services.inc

@@ -287,7 +287,7 @@ function services_dhcpd_configure($family = "all", $blacklist = array()) {
 	global $config, $g;
 
 	/* configure DHCPD chroot once */
-	$fd = fopen("{$g['tmp_path']}/dhcpd.sh","w");
+	$fd = fopen('/tmp/dhcpd.sh', 'w');
 	fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}\n");
 	fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}/dev\n");
 	fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}/etc\n");
@@ -306,7 +306,7 @@ function services_dhcpd_configure($family = "all", $blacklist = array()) {
 	if (!trim($status))
 		fwrite($fd, "/sbin/mount -t devfs devfs {$g['dhcpd_chroot_path']}/dev\n");
 	fclose($fd);
-	mwexec("/bin/sh {$g['tmp_path']}/dhcpd.sh");
+	mwexec('/bin/sh /tmp/dhcpd.sh');
 
 	if ($family == "all" || $family == "inet")
 		services_dhcpdv4_configure();
@@ -1345,7 +1345,7 @@ EOD;
         }
 	$igmpconf .= "\n";
 
-        $igmpfl = fopen($g['tmp_path'] . "/igmpproxy.conf", "w");
+        $igmpfl = fopen('/tmp/igmpproxy.conf', 'w');
         if (!$igmpfl) {
                 log_error(gettext("Could not write Igmpproxy configuration file!"));
                 return;
@@ -1355,7 +1355,7 @@ EOD;
 	unset($igmpconf);
 
 	/* NOTE: -d4 means everything LOG_WARNING and smaller */
-        mwexec("/usr/local/sbin/igmpproxy -d4 -c {$g['tmp_path']}/igmpproxy.conf");
+        mwexec('/usr/local/sbin/igmpproxy -d4 -c /tmp/igmpproxy.conf');
         log_error(gettext("Started IGMP proxy service."));
 
         return 0;