Supporting each other

Community forums

Welcome, Guest
Username: Password: Remember me
Report any technical problems you discover and discuss solutions.
  • Page:
  • 1

TOPIC:

v3: folder library including config.php 9 years 3 months ago #2967

  • jayaich
  • jayaich's Avatar Topic Author
  • Offline
  • Premium Member
  • Premium Member
  • Posts: 82
  • Thank you received: 5
Hello,

We have set the PHP open_basedir option and have noticed some warnings of files being opened outside of the basedir directories. These seem to come from the file 'website_code/php/display_library.php', when 'file_exists' is called. However, the code runs further checks to locate 'config.php' and these are successful (and give no warnings):
if (file_exists('../../../config.php')) {

  require_once('../../../config.php');

} elseif (file_exists(dirname(__FILE__) . '/../../config.php')) {
  require_once(dirname(__FILE__) . '/../../config.php');
} else {

  require_once('config.php');

}

It seems that many files use '../../../config.php', but these are all three levels down, so they work. It seems that it is used in only two places where the files are two levels down. One is the 'display_library' file mentioned above, but that caters for the potential problem.
The second is the file 'website_code/php/folder_library.php', and this file does no extra checking. It just uses:
require_once('../../../config.php');

This will fail, and cause php warnings being outside of our web root area. The file should include further location checks the same as the 'display_library' file.

Obviously not setting 'open_basedir' avoids any warnings, but the 'require_once' call in the 'folder_library' file will still fail since the 'config.php' file does not exist in the location it is checking.


John.

Please Log in or Create an account to join the conversation.

v3: folder library including config.php 9 years 3 months ago #2970

  • julten
  • julten's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 137
  • Thank you received: 18
Hello, thanks: I have commited that change.
The following user(s) said Thank You: jayaich

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Moderators: ronmjultenJohnSmith
Time to create page: 0.048 seconds
Copyright © 2024 The Xerte Project.
Xerte logo Apereo logo OSI Logo

Search