[pmwiki-users] Bug report: interaction with open_basedir restriction

Patrick R. Michaud pmichaud at pobox.com
Thu Jan 12 16:20:19 CST 2006


On Thu, Jan 12, 2006 at 10:26:26PM +0100, Joachim Durchholz wrote:
> In that case, fixperms in pmwiki.php will execute
>    if (fileowner($fname)!=fileowner('.')) $bp = (is_dir($fname)) ? 007 : 
> 006;
>    if (filegroup($fname)==filegroup('.')) $bp <<= 3;
> 
> The fileowner() and filegroup() calls try to access the directory 
> itself; however, PHP won't allow accessing the open_basedir itself, just 
> files *under* it, and so PHP will emit two warnings whenever fixperms() 
> is called.
> 
> The fix that worked for me was replacing '.' with 'pmwiki.php'.

Unfortunately we can't be guaranteed that 'pmwiki.php' exists,
because some people rename the script to be something else.
We also might be in a farm/field situation, in which case
there might just be an 'index.php' in the directory, which
could be named anything.

I don't have a good answer for this one, other than that
open_basedir has a really lousy implementation (along with
"safe_mode").  I suppose the best thing to do is to leave it
as a dot and suppress the warnings/error messages.

Pm




More information about the pmwiki-users mailing list