[pmwiki-users] Bug report: interaction with open_basedir restriction

H. Fox haganfox at users.sourceforge.net
Thu Jan 12 19:33:18 CST 2006


On 1/12/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Jan 12, 2006 at 10:26:26PM +0100, Joachim Durchholz wrote:
> > In that case, fixperms in pmwiki.php will execute
> >    if (fileowner($fname)!=fileowner('.')) $bp = (is_dir($fname)) ? 007 :
> > 006;
> >    if (filegroup($fname)==filegroup('.')) $bp <<= 3;
> >
> > The fileowner() and filegroup() calls try to access the directory
> > itself; however, PHP won't allow accessing the open_basedir itself, just
> > files *under* it, and so PHP will emit two warnings whenever fixperms()
> > is called.
> >
> > The fix that worked for me was replacing '.' with 'pmwiki.php'.
>
> Unfortunately we can't be guaranteed that 'pmwiki.php' exists,
> because some people rename the script to be something else.
> We also might be in a farm/field situation, in which case
> there might just be an 'index.php' in the directory, which
> could be named anything.
>
> I don't have a good answer for this one, other than that
> open_basedir has a really lousy implementation (along with
> "safe_mode").  I suppose the best thing to do is to leave it
> as a dot and suppress the warnings/error messages.

How about something with the effect of

if (@is_file('pmwiki.php')) {
  if (filegroup($fname)==filegroup('pmwiki.php')) $bp <<= 3;
} else {
  if (filegroup($fname)==filegroup('.')) $bp <<= 3;
}

?

Hagan




More information about the pmwiki-users mailing list