Insufficient permissions on packages.php

[tom-sinclair]

• Laravel Version: v5.7.10
• PHP Version: 7.1
• Database Driver & Version: MS SQL Server

Description:

When running artisan package:discover the generated bootstrap/cache/packages.php file doesn't have sufficient permissions to be opened when running the app. Reverting back to v5.7.9 works.

Steps To Reproduce:

Install v5.7.10
run php artisan package:discover
Go any URL for your application

[Yogarine]

This is caused because tempnam() already creates the file with limited permissions 600.
The temp packages.php is then moved over the original, but it still has the limited permissions.

I have a proposed fix where I simply unlink() the temporary file created, so the new file written by file_put_contents() respects the current umask.

The alternatives are:

• Don't use tempnam() but instead create a file with uniqid().
• Change the permissions of the tempfile after creating it.

I don't like the first alternative because tempnam() is specifically made for this case, and has the added effect of actually testing whether the file can be written.

The second solution means we have to figure out the current umask to keep it consistent. Using umask() is cumbersome and not recommended on multi-threaded servers.

[barryvdh]

I think this should be fixed with above PR, which is merged and tagged as 5.7.11