[Bug][Regression] Fix dir permissions (#1569)

* Fix dir permissions

* Remove outdated comment

.env.example

@@ -45,16 +45,6 @@ DB_LOG_SQL=false
 # Some rare setups may require directories and files to be world writeable.
 # In this case, use "world" here.
 # USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
-# Note at the time of writing, the Flysystem package v1 has a bug which
-# prevents the "world" preset from working.
-# This is a temporary problem and will be solved after
-# https://github.com/thephpleague/flysystem/pull/1523 will have been merged
-# upstream or after Lychee will have migrated to Laravel 9.
-# Until then, if you need to use world-writable directories, please edit
-# `config/filesystems.php` and re-define the values for
-# `disks.images.permissions.(file|dir).public` such that they equal
-# `disks.images.permissions.(file|dir).world` and use the preset `public`
-# instead.
 # LYCHEE_IMAGE_VISIBILITY=public
 
 # folders in which the files will be stored
@@ -91,4 +81,4 @@ MAIL_FROM_ADDRESS=
 TRUSTED_PROXIES=null
 
 # Comma-separated list of class names of diagnostics checks that should be skipped.
-#SKIP_DIAGNOSTICS_CHECKS= 
+#SKIP_DIAGNOSTICS_CHECKS=

app/Image/FlysystemFile.php

@@ -54,9 +54,30 @@ public function write($stream, bool $collectStatistics = false): ?StreamStat
 		try {
 			$streamStat = $collectStatistics ? static::appendStatFilter($stream) : null;
 
+			// The underlying Flysystem currently behaves inconsistent
+			// with respect to whether it honors the umask value or not.
+			// Hence, we explicitly set umask to zero to achieve consistent
+			// behaviour.
+			// Setting umask can be removed, after
+			// https://github.com/thephpleague/flysystem/issues/1584
+			// has been solved.
+			// Also consider the warning in
+			// https://www.php.net/manual/en/function.umask.php
+			// regarding timing issues:
+			// "Avoid using this function [...]. It is better to change the
+			// file permissions with chmod() after creating the file. Using
+			// umask() can lead to unexpected behavior of concurrently running
+			// scripts and the webserver itself because they all use the same
+			// umask."
+			// However, Lychee cannot use `chmod`, because Flysystem may
+			// also recursively create missing parent directories and/or
+			// not be local.
+			// This problem must be fixed on the library layer.
+			$umask = \umask(0);
 			if (!$this->disk->writeStream($this->relativePath, $stream)) {
 				throw new FlySystemLycheeException('Filesystem::writeStream failed');
 			}
+			\umask($umask);
 
 			return $streamStat;
 		} catch (\ErrorException|FilesystemException $e) {

config/filesystems.php

@@ -47,6 +47,7 @@
 			'root' => env('LYCHEE_UPLOADS', public_path('uploads/')),
 			'url' => env('LYCHEE_UPLOADS_URL', 'uploads/'),
 			'visibility' => env('LYCHEE_IMAGE_VISIBILITY', 'public'),
+			'directory_visibility' => env('LYCHEE_IMAGE_VISIBILITY', 'public'),
 			'permissions' => [
 				'file' => [
 					'world' => 00666,