Advertisement:
Anonymous Login
12-05-2016 07:46 PM

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0004772SMF 2.0Generalpublic2012-08-23 20:35
Reporterfeline 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformallOSLinuxOS VersionSuse 11
Summary0004772: OpenBaseDir restiction in Packages.php
DescriptionThis code produce the error:
    $dh = opendir($path);
    while ($entry = readdir($dh))
    {
        // Some kind of file?
        if (!is_dir($path . '/' . $entry))
        {

To fix this, change that to:
    $dh = opendir($path);
    while ($entry = readdir($dh))
    {
        // Some kind of file?
        if ($entry != '.' && $entry != '..' && !is_dir($path . '/' . $entry))
        {
Tags2.1
Attached Files

-Relationships
+Relationships

-Notes

bugnote:0014054

SleePy (Developer)

Last edited: 2011-07-08 13:24

View 2 revisions

Um...
I only got to say your PHP installation is messed up or incorrectly configured. !is_dir should return false for entry being . or ..
is_dir will return true, but ! inverses this to false. So it should fall through to the else which does check for those.


What error are you receiving?

bugnote:0014081

feline (Viewer)

error is OpenBaseDir restriction
server data:
MySQL version: 5.0.51a
Alternative PHP Cache: 3.1.7
PHP: 5.2.11
Server version: Apache/2.2.8 (Linux/SUSE)
open_basedir not set in php.ini

bugnote:0014084

SleePy (Developer)

Are you saying that is from our code? Far as I can tell, we do not provide any warnings about openbase dir being set:
jeremy@Zeus:/home/svn/sm-smf$grep -Rn "basedir" trunk/Themes/default/languages/
jeremy@Zeus:/home/svn/sm-smf$

Can you give me the exact error it is giving you?


As I said, the logic of that function is already making sure that it isn't a directory. So if this is giving you a open basedir restrictions, there must be something incorrectly configured or a PHP bug was discovered. (btw php 5.2 is no longer supported in some aspects by the php team).

bugnote:0014085

SleePy (Developer)

As a FYI just to make sure I wasn't misunderstood. We don't provide any warnings. Our code base does in some parts attempt to detect open basedir being set:

jeremy@Zeus:/home/svn/sm-smf$grep -Rn "basedir" branches/2.0/Sources/
branches/2.0/Sources/ManageSmileys.php:567: if (!is_uploaded_file($_FILES['uploadSmiley']['tmp_name']) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['uploadSmiley']['tmp_name'])))
branches/2.0/Sources/ManageSmileys.php:638: if (!is_uploaded_file($_FILES['individual_' . $set['name']]['tmp_name']) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['individual_' . $set['name']]['tmp_name'])))
branches/2.0/Sources/ManageSmileys.php:1365: if (isset($_FILES['set_gz']) && is_uploaded_file($_FILES['set_gz']['tmp_name']) && (@ini_get('open_basedir') != '' || file_exists($_FILES['set_gz']['tmp_name'])))
branches/2.0/Sources/PackageGet.php:642: elseif (!is_uploaded_file($_FILES['package']['tmp_name']) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['package']['tmp_name'])))
branches/2.0/Sources/Post.php:988: if (!is_uploaded_file($_FILES['attachment']['tmp_name'][$n]) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['attachment']['tmp_name'][$n])))
branches/2.0/Sources/Subs-Post.php:2079: $file_restricted = @ini_get('open_basedir') != '' && !$already_uploaded;
branches/2.0/Sources/Themes.php:1447: if (isset($_FILES['theme_gz']) && is_uploaded_file($_FILES['theme_gz']['tmp_name']) && (@ini_get('open_basedir') != '' || file_exists($_FILES['theme_gz']['tmp_name'])))

bugnote:0014088

feline (Viewer)

is_dir returns true on . and ..
I checked that on php 5.3.1
var_dump(is_dir('.'));
var_dump(is_dir('..'));
returns:
bool(true)
bool(true)

bugnote:0014092

SleePy (Developer)

Yes, but the code does a not true check:
         if (!is_dir($path . '/' . $entry))
If is NOT dir $parth . '/' . $entry

bugnote:0014098

feline (Viewer)

That it's not the point. I checked that on my Server and find out:
is_dir('..') returns false and the error:
is_dir(): open_basedir restriction in effect. File(..) is not within the allowed path(s):
The current folder is my forum dir ($boarddir)

bugnote:0014112

SleePy (Developer)

Well that is odd. You said open basedir isn't set (per your first comment)

None the less we can fix it.

bugnote:0014114

groundup (SMF Friend)

Can we create another function instead of checking if $filename === '.' || $filename === '..' etc.

bugnote:0014115

SleePy (Developer)

groundup,

I think the easiest solution would be to change !is_dir to is_file. Both existed in PHP at the same time, so its not a problem.
http://php.net/manual/en/function.is-file.php
http://php.net/manual/en/function.is-dir.php

bugnote:0014118

groundup (SMF Friend)

What happens with symlinks?

bugnote:0014119

SleePy (Developer)

They work just fine:

jeremy@Zeus:/home/svn/sm-smf$ln -s branches branches_syn
jeremy@Zeus:/home/svn/sm-smf$ln -s .DS_Store DS_syn
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_dir("branches"));'
bool(true)
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_dir("branches_syn"));'
bool(true)
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_file(".DS_Store"));'
bool(true)
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_file("DS_syn"));'
bool(true)
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_file("branches"));'
bool(false)
jeremy@Zeus:/home/svn/sm-smf$php -r 'var_dump(is_file("branches_syn"));'
bool(false)

bugnote:0014461

emanuele (Viewer)

Still there.

So is_file is the best choice here?

bugnote:0014531

Spuds (Viewer)

Either what the OP suggested or is_file would be fine. Seems though that since the check is to see if it is a file, is_file is more readable then not a directory.

bugnote:0014533

Spuds (Viewer)

Commit:7f5207bb8966fa1235d2ce7c231269ee91f31ef6

* ! [4772]: OpenBaseDir restriction in Packages.php
+Notes
MantisBT (Modified for SMF Intergration)[^] Copyright © 2000 - 2010 Mantis Group