From 626c135d1e512977852aa6af99ba292cf786cc19 Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Sat, 10 Mar 2007 11:26:30 -0600
Subject: [PATCH] Security: ensure file upload directory is not world-writable. (There still seem to be bugs in the file upload function.)
---
 app/models/web.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/models/web.rb b/app/models/web.rb
index d9aff5ed..2c72896d 100644
--- app/models/web.rb
+++ app/models/web.rb
@@ -89,6 +89,7 @@ class Web < ActiveRecord::Base
 def create_files_directory
 return unless allow_uploads == 1
 dummy_file = self.wiki_files.build(:file_name => '0', :description => '0', :content => '0')
+ File.umask(0002)
 dir = File.dirname(dummy_file.content_path)
 begin
 require 'fileutils'
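Review bot: The added `File.umask(0002)` changes the umask of the whole process and never restores the previous value, so everything this process creates afterwards inherits it, not only the upload directory. `File.umask` returns the old mask, so capture it with `old_umask = File.umask(0002)` and call `File.umask(old_umask)` in an `ensure` on the `begin` that follows. A umask also shapes only newly created paths: a directory that already exists with world-writable bits keeps them, so an explicit `File.chmod(0775, dir)` after creation would enforce the intent stated in the subject. The rest of create_files_directory lies outside the hunk, so how the directory is actually created is not visible here.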