[pmwiki-users] Bug report: interaction with open_basedir restriction
H. Fox
haganfox at users.sourceforge.net
Thu Jan 12 19:33:18 CST 2006
On 1/12/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Jan 12, 2006 at 10:26:26PM +0100, Joachim Durchholz wrote:
> > In that case, fixperms in pmwiki.php will execute
> > if (fileowner($fname)!=fileowner('.')) $bp = (is_dir($fname)) ? 007 :
> > 006;
> > if (filegroup($fname)==filegroup('.')) $bp <<= 3;
> >
> > The fileowner() and filegroup() calls try to access the directory
> > itself; however, PHP won't allow accessing the open_basedir itself, just
> > files *under* it, and so PHP will emit two warnings whenever fixperms()
> > is called.
> >
> > The fix that worked for me was replacing '.' with 'pmwiki.php'.
>
> Unfortunately we can't be guaranteed that 'pmwiki.php' exists,
> because some people rename the script to be something else.
> We also might be in a farm/field situation, in which case
> there might just be an 'index.php' in the directory, which
> could be named anything.
>
> I don't have a good answer for this one, other than that
> open_basedir has a really lousy implementation (along with
> "safe_mode"). I suppose the best thing to do is to leave it
> as a dot and suppress the warnings/error messages.
How about something with the effect of
if (@is_file('pmwiki.php')) {
if (filegroup($fname)==filegroup('pmwiki.php')) $bp <<= 3;
} else {
if (filegroup($fname)==filegroup('.')) $bp <<= 3;
}
?
Hagan
More information about the pmwiki-users
mailing list