Added a new configuration setting - directorypermissions - and set it by default to 0700.

Use it in check_dir_exists, to set the permissions of directories created in dataroot.

Directories used to be created 0777, which is unnecessary unless the user is on shared hosting and needs to download their dataroot at some point later (which they will do for backup purposes).

htdocs/config-dist.php

@@ -48,6 +48,13 @@ $cfg->dbprefix = '';
 // this is a big security hole.
 $cfg->dataroot = '/path/to/uploaddir';
 
+// directorypermissions - what permissions to use for files and directories in 
+// dataroot. The default allows only the web server user to read the data. If 
+// you're on shared hosting and might want to download the contents of your 
+// dataroot later (e.g. for backup purposes), set this to 0777. Otherwise, 
+// leave it as is!
+//$cfg->directorypermissions = 0700;
+
 // insecuredataroot - whether to enforce checking that files being served have 
 // come from dataroot. You would only want to turn this on if you were running 
 // more than one Mahara against the same dataroot. If you are doing that, make 

htdocs/init.php

@@ -62,6 +62,11 @@ foreach (array('docroot', 'dataroot') as $path) {
 $CFG->xmldbdisablenextprevchecking = true;
 $CFG->xmldbdisablecommentchecking = true;
 
+// ensure directorypermissions is set
+if (empty($CFG->directorypermissions)) {
+    $CFG->directorypermissions = 0700;
+}
+
 // core libraries
 require('mahara.php');
 ensure_sanity();

htdocs/lib/mahara.php

@@ -753,9 +753,9 @@ function check_dir_exists($dir, $create=true, $recursive=true) {
         if (!$create) {
             $status = false;
         } else {
-            umask(0000); 
-            $status = @mkdir($dir, 0777, true);
-            // @todo has the umask been clobbered at this point, and is this a bad thing?
+            $mask = umask(0000);
+            $status = @mkdir($dir, get_config('directorypermissions'), true);
+            umask($mask);
         }
     }
     return $status;