bluecherrydvr · curtishall · Jan 25, 2023 · Feb 20, 2023 · Feb 21, 2023 · Feb 21, 2023
diff --git a/misc/postinstall.sh b/misc/postinstall.sh
@@ -142,12 +142,13 @@ case "$1" in
 		fi
 
 		# Allow update_subdomain_certs.sh script to run as www-data
+		# Allow www-data to run check_dir_permission.sh as the Bluecherry user
 		chown root:www-data /usr/share/bluecherry/scripts/update_subdomain_certs.sh
 		chmod 550 /usr/share/bluecherry/scripts/update_subdomain_certs.sh
-		echo "www-data ALL=(ALL) NOPASSWD: /usr/share/bluecherry/scripts/update_subdomain_certs.sh" \
+		printf "www-data ALL=(ALL) NOPASSWD: /usr/share/bluecherry/scripts/update_subdomain_certs.sh\nwww-data ALL=(ALL) NOPASSWD: /usr/share/bluecherry/scripts/check_dir_permissions.sh\n" \
 			> /etc/sudoers.d/www-data
 		chmod 0440 /etc/sudoers.d/www-data
-
+	
 		mkdir -p /usr/share/bluecherry/ssl
 		cp /etc/ssl/certs/ssl-cert-snakeoil.pem /usr/share/bluecherry/ssl/bluecherry-snakeoil.pem
 		cp /etc/ssl/private/ssl-cert-snakeoil.key /usr/share/bluecherry/ssl/bluecherry-snakeoil.key

diff --git a/scripts/check_dir_permission.sh b/scripts/check_dir_permission.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# script to change permission of file
+
+# File variable to store location
+
+FILE="$1"
+
+if [[ ! -e "${FILE}" ]]; then
+    #  creating directory...
+    mkdir -p "${FILE}"
+    # write permission of other and group of file
+    chmod 770 "${FILE}"
+    chown -R bluecherry:bluecherry "${FILE}"
+elif [[ ! -d "${FILE}" ]]; then
+    echo "FILE already exists but is not a directory"
+fi
+
+# find out if file has write permission or not
+#[ -w $FILE ] && W="Write = yes" || W="Write = No"
+[ -w $FILE ] && W=w || W='-'
+
+# find out if file has excute permission or not
+[ -x $FILE ] && X=x || X='-'
+
+# find out if file has read permission or not
+[ -r $FILE ] && R=r || R='-'
+
+#echo "$FILE permissions"
+echo "-$W$R$X"
diff --git a/www/ajax/storagecheck.php b/www/ajax/storagecheck.php
@@ -34,6 +34,10 @@ public function directory_status($path, $type = '')
     		return array('F', str_replace('%PATH%', $path, DIR_DOES_NOT_EXIST_OR_NOT_READABLE));
     	}
 
+    	$dir = shell_exec("/usr/share/bluecherry/scripts/check_dir_permission.sh $path");
+        if(!strpos($dir, 'wr')){
+            return array('F', str_replace('%PATH%', $path, DIR_NOT_WRITABLE));
+        }
         $file_group = posix_getgrgid(filegroup($path));
         $allowed_group = array('bluecherry', 'www-data');
         if ((!isset($file_group['name'])) || (isset($file_group['name']) && (!in_array($file_group['name'], $allowed_group)))) {
@@ -45,6 +49,10 @@ public function directory_status($path, $type = '')
             return array('F', str_replace('%PATH%', $path, DIR_NOT_READABLE));
         }
 
+        if (!is_writable($path)) {
+            return array('F', str_replace('%PATH%', $path, DIR_NOT_WRITABLE));
+        }
+
         if (!is_readable($path)) {
             return array('F', str_replace('%PATH%', $path, DIR_NOT_READABLE));
         }

diff --git a/www/lib/lang.php b/www/lib/lang.php
@@ -462,6 +462,7 @@
 define('STORAGE_INFO_MESSAGE', 'Please note that if you add a new storage location, you need to make sure that: <br /> - folder exists <br /> - folder is empty <br /> - folder belongs to user bluecherry, group bluecherry.');
 define('DIR_DOES_NOT_EXIST_OR_NOT_READABLE', 'Server could not open the specified directory "<b>%PATH%</b>". See Note 2.
 	');
+define('DIR_NOT_WRITABLE', 'Specified directory "<b>%PATH%</b>" exists, but is not writable See Note 2.');
 define('DIR_NOT_READABLE', 'Specified directory "<b>%PATH%</b>" exists, but is not readable. See Note 2.
 	');
 define('DIR_NOT_EMPTY', 'Specified directory is not empty, all contents will be deleted after it is added.');

diff --git a/www/lib/lib.php b/www/lib/lib.php
@@ -862,7 +862,12 @@ public static function create($rawData){
 		#if errors were detected -- return error
 		if (!$data[0]) { return $data; } else { $data = $data[1]; };
 		#if there were no errors, add the camera
-		$result = data::query("INSERT INTO Devices (device_name, protocol, device, driver, rtsp_username, rtsp_password, resolutionX, resolutionY, mjpeg_path, model, rtsp_rtp_prefer_tcp, onvif_port, substream_path, hls_window_size, hls_segment_size, hls_segment_duration) VALUES ('{$data['device_name']}', '{$data['protocol']}', '{$data['device']}', '{$data['driver']}', '{$data['rtsp_username']}', '{$data['rtsp_password']}', 640, 480, '{$data['mjpeg_path']}', '{$data['model']}', {$data['rtsp_rtp_prefer_tcp']}, {$data['onvif_port']},'{$data['substream_path']}', {$data['hls_window_size']}, {$data['hls_segment_size']}, {$data['hls_segment_duration']})", true);
+
+		$hls_segment_size = $data['hls_segment_size']  ? $data['hls_segment_size'] : 0;
+		$hls_segment_duration = $data['hls_segment_duration'] ?  $data['hls_segment_duration'] : 0;
+		$inputQuery = "INSERT INTO Devices (device_name, protocol, device, driver, rtsp_username, rtsp_password, resolutionX, resolutionY, mjpeg_path, model, rtsp_rtp_prefer_tcp, onvif_port, substream_path, hls_window_size, hls_segment_size, hls_segment_duration) VALUES ('{$data['device_name']}', '{$data['protocol']}', '{$data['device']}', '{$data['driver']}', '{$data['rtsp_username']}', '{$data['rtsp_password']}', 640, 480, '{$data['mjpeg_path']}', '{$data['model']}', {$data['rtsp_rtp_prefer_tcp']}, {$data['onvif_port']},'{$data['substream_path']}', {$data['hls_window_size']}, {$hls_segment_size}, {$hls_segment_duration})";
+
+		$result = data::query($inputQuery, true);
 		#try to automatically set the camera up
 		$message = ($result) ? AIP_CAMADDED : false;
 		if ($result)