[pmwiki-users] Bug report: interaction with open_basedir restriction

Joachim Durchholz jo at durchholz.org
Thu Jan 12 15:26:26 CST 2006


Hi all,

I just stumbled over a PmWiki buglet.

Conditions:
* PmWiki 2.0.13 (latest stable)
* PHP 4.3.4
* open_basedir is the same as the PmWiki installation dir
   e.g. PmWiki installed in /srv/www/maquaris.de/
   open_basedir = /srv/www/maquaris.de/
   (The bug will not occur if PmWiki is installed in a deeper directory.)

In that case, fixperms in pmwiki.php will execute
   if (fileowner($fname)!=fileowner('.')) $bp = (is_dir($fname)) ? 007 : 
006;
   if (filegroup($fname)==filegroup('.')) $bp <<= 3;

The fileowner() and filegroup() calls try to access the directory 
itself; however, PHP won't allow accessing the open_basedir itself, just 
files *under* it, and so PHP will emit two warnings whenever fixperms() 
is called.

The fix that worked for me was replacing '.' with 'pmwiki.php'.

Regards,
Jo




More information about the pmwiki-users mailing list