From f436aa835dfa3f727ed140e1c9b0dcb296a64a77 Mon Sep 17 00:00:00 2001
From: Matt Pass <matt@mattpass.com>
Date: Thu, 23 May 2013 17:45:00 +0100
Subject: [PATCH] Set a stream context timeout for file reading

Add a context array to all instances of file_get_contents(). This is so
we don't end up with a timeout too early if the system is set to
something short (ie, 15 secs) and we try to open a large file that takes
longer than this short limit.
---
 index.php                |  2 +-
 lib/file-control.php     |  8 ++++----
 lib/multiple-results.php |  4 ++--
 lib/settings.php         | 13 ++++++++++---
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/index.php b/index.php
index 729e8b6..8f87440 100644
--- a/index.php
+++ b/index.php
@@ -10,7 +10,7 @@ $updateMsg = '';
 if ($ICEcoder["checkUpdates"]) {
 	$icv_url = "http://icecoder.net/latest-version?thisVersion=".$ICEcoder["versionNo"];
 	if (ini_get('allow_url_fopen')) {
-		$icvInfo = explode("\n",file_get_contents($icv_url));
+		$icvInfo = explode("\n",file_get_contents($icv_url,false,$context));
 	} elseif (function_exists('curl_init')) {
 		$ch = curl_init($icv_url);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
diff --git a/lib/file-control.php b/lib/file-control.php
index 19b6ed4..6787c79 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -38,7 +38,7 @@ if ($_GET['action']=="load") {
 			echo '<script>fileType="text";';
 			echo 'top.ICEcoder.shortURL = top.ICEcoder.rightClickedFile = top.ICEcoder.thisFileFolderLink = "'.$fileLoc."/".$fileName.'";';
 			echo '</script>';
-			$loadedFile = toUTF8noBOM(file_get_contents($file),true);
+			$loadedFile = toUTF8noBOM(file_get_contents($file,false,$context),true);
 			echo '<textarea name="loadedFile" id="loadedFile">'.str_replace("</textarea>","<ICEcoder:/:textarea>",str_replace("&","&amp;",$loadedFile)).'</textarea>';
 		} else if (strpos($finfo,"image")===0) {
 			echo '<script>fileType="image";fileName=\''.$fileLoc."/".$fileName.'\'</script>';
@@ -53,7 +53,7 @@ if ($_GET['action']=="load") {
 
 // Get the contents of a remote URL
 if ($_GET['action']=="getRemoteFile") {
-	if ($remoteFile = toUTF8noBOM(file_get_contents($file),true)) {
+	if ($remoteFile = toUTF8noBOM(file_get_contents($file,false,$context),true)) {
 		// replace \r\n (Windows), \r (old Mac) and \n (Linux) line endings with whatever we chose to be lineEnding
 		$remoteFile = str_replace("\r\n", $ICEcoder["lineEnding"], $remoteFile);
 		$remoteFile = str_replace("\r", $ICEcoder["lineEnding"], $remoteFile);
@@ -197,7 +197,7 @@ if ($_GET['action']=="rename") {
 if ($_GET['action']=="replaceText") {
 	if (!$demoMode && is_writable(str_replace("|","/",strClean($_GET['fileRef'])))) {
 		$file = str_replace("|","/",strClean($_GET['fileRef']));
-		$loadedFile = toUTF8noBOM(file_get_contents($file),true);
+		$loadedFile = toUTF8noBOM(file_get_contents($file,false,$context),true);
 		$newContent = str_replace(strClean($_GET['find']),strClean($_GET['replace']),$loadedFile);
 		$fh = fopen($file, 'w') or die("Sorry, cannot save");
 		fwrite($fh, $newContent);
@@ -296,7 +296,7 @@ if ($_GET['action']=="save") {
 				echo '<script>if (top.ICEcoder.previewWindow.location && top.ICEcoder.previewWindow.location.pathname.indexOf(".md")==-1) {top.ICEcoder.previewWindow.location.reload()};</script>';
 				echo '<script>top.ICEcoder.setPreviousFiles();action="doneSave";</script>';
 			} else {
-				$loadedFile = toUTF8noBOM(file_get_contents($file),true);
+				$loadedFile = toUTF8noBOM(file_get_contents($file,false,$context),true);
 				echo '<textarea name="loadedFile" id="loadedFile">'.str_replace("</textarea>","<ICEcoder:/:textarea>",htmlentities($loadedFile)).'</textarea>';
 				echo '<textarea name="userVersionFile" id="userVersionFile"></textarea>';
 				?>
diff --git a/lib/multiple-results.php b/lib/multiple-results.php
index 3d70c06..218b5ec 100644
--- a/lib/multiple-results.php
+++ b/lib/multiple-results.php
@@ -121,7 +121,7 @@ if (startTab!=top.ICEcoder.selectedTab) {
 			$fullPath = $path.$slash.$f;
 			if(is_dir($fullPath)) {
 				$ret .= phpGrep($q, $fullPath, $base);
-			} else if(stristr(toUTF8noBOM(file_get_contents($fullPath),false), $q)) {
+			} else if(stristr(toUTF8noBOM(file_get_contents($fullPath,false,$context),false), $q)) {
 				$bFile = false;
 				$foundInSelFile = false;
 				for ($i=0;$i<count($ICEcoder['bannedFiles']);$i++) {
@@ -136,7 +136,7 @@ if (startTab!=top.ICEcoder.selectedTab) {
 				}
 				if (!$bFile && (count($selectedFiles)==0 || count($selectedFiles)>0 && $foundInSelFile)) {
 					$ret .= "<a href=\\\"javascript:top.ICEcoder.openFile('".$fullPath."');top.ICEcoder.showHide('hide',top.document.getElementById('blackMask'))\\\">";
-					$ret .= str_replace($base,"",$fullPath)."</a><div id=\\\"foundCount".$r."\\\">Found ".substr_count(strtolower(toUTF8noBOM(file_get_contents($fullPath),false)),$q)." times</div>";
+					$ret .= str_replace($base,"",$fullPath)."</a><div id=\\\"foundCount".$r."\\\">Found ".substr_count(strtolower(toUTF8noBOM(file_get_contents($fullPath,false,$context),false)),$q)." times</div>";
 					if (isset($_GET['replace'])) {
 						$ret .= "<div class=\\\"replace\\\" id=\\\"replace\\\" onClick=\\\"replaceInFileSingle('".$fullPath."');this.style.display=\'none\'\\\">replace</div>";
 					};
diff --git a/lib/settings.php b/lib/settings.php
index bbe391e..2a07574 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -8,6 +8,13 @@ error_reporting(-1);
 // Set our default timezone and supress warning with @
 @date_default_timezone_set(date_default_timezone_get());
 
+// Set a stream context timeout for file reading
+$context = stream_context_create(array('http'=>
+	array(
+		'timeout' => 60 // secs
+	)
+));
+
 // Start a session if we haven't already
 if(!isset($_SESSION)) {session_start();}
 
@@ -98,7 +105,7 @@ $demoMode = $ICEcoder['demoMode'];
 
 // Update this config file?
 if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset($_POST["theme"]) && $_POST["theme"]) {
-	$settingsContents = file_get_contents($settingsFile);
+	$settingsContents = file_get_contents($settingsFile,false,$context);
 	// Replace our settings vars
 	$repPosStart = strpos($settingsContents,'"root"');
 	$repPosEnd = strpos($settingsContents,'"previousFiles"');
@@ -187,7 +194,7 @@ if (!$allowedIP) {
 
 // Save the currently opened files for next time
 if ($_SESSION['loggedIn'] && isset($_GET["saveFiles"]) && $_GET['saveFiles']) {
-	$settingsContents = file_get_contents($settingsFile);
+	$settingsContents = file_get_contents($settingsFile,false,$context);
 
 	// Replace our previousFiles var with the the current
 	$repPosStart = strpos($settingsContents,'previousFiles"		=> "')+20;
@@ -294,7 +301,7 @@ if ((!$_SESSION['loggedIn'] || $ICEcoder["accountPassword"] == "") && !strpos($_
 	if ($ICEcoder["accountPassword"] == "" && isset($_POST['accountPassword'])) {
 		$password = generateHash(strClean($_POST['accountPassword']));
 		$settingsFile = $settingsFile;
-		$settingsContents = file_get_contents($settingsFile);
+		$settingsContents = file_get_contents($settingsFile,false,$context);
 		// Replace our empty password with the one submitted by user
 		$settingsContents = str_replace('"accountPassword"	=> "",','"accountPassword"	=> "'.$password.'",',$settingsContents);
 		// Also set the update checker preference