Check if open_basedir is set in loadConfigFile #2

Closed
taylorotwell opened this Issue Mar 14, 2013 · 8 comments


We recently had a production issue where the loadConfigFile method in IronCore checks file_exists on the given config file. At the top of this method you should probably check:

if ( ! ini_get('open_basedir')) return;

So that you don't have any open_basedir errors on installations that do not have that directive set.

thousandsofthem added a commit that referenced this issue Mar 15, 2013

thousandsofthem Mar 15, 2013

Contributor

Is this what you are looking for? If all is OK, I will regenerate all .phar files.

taylorotwell Mar 15, 2013

If you do it like that I think you need to remove the "!" so that you only call those methods if the ini_get returns true.

thousandsofthem Mar 15, 2013

Contributor

Well, as far as I know, ini_get('open_basedir') never returns true. Empty string (equal to false) if there are no restrictions, and a list of allowed directories otherwise.

taylorotwell Mar 15, 2013

Hmm, maybe just cast it to bool then?

thousandsofthem Mar 15, 2013

Contributor

It is, already. Empty string == false, string with text == true,
e.g. http://stackoverflow.com/questions/2749759/php-open-basedir-to-return-value

It means if ini_get('open_basedir') == true then open_basedir restrictions are in an active state.

taylorotwell Mar 15, 2013

So shouldn't you remove the ! from the check on line 124? You would only
want to loadConfigFile if there are directories returned from open_basedir.

thousandsofthem Mar 15, 2013

Contributor

E.g. on my home PC ini_get('open_basedir') always returns an empty string, which means no restrictions were applied and the script is able to get a file located in the home directory.

taylorotwell Mar 15, 2013

OK, I gotcha. Makes sense.

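The semantics discussed in this thread (an empty `ini_get('open_basedir')` means no restriction, a non-empty value is the list of allowed directories) can be turned into a pre-check that runs before `file_exists`. The PHP below is an added example, not IronCore code and not written by either commenter; the function names and sample paths are hypothetical, and it goes one step beyond the thread by testing whether the path lies inside an allowed directory instead of skipping the lookup whenever a restriction is active.

```php
<?php
// Added example (not IronCore code); function names are hypothetical.

// Split an open_basedir value into directory entries, each ending in "/".
// ini_get('open_basedir') yields '' when no restriction is set.
function allowedBaseDirs(string $openBasedir, string $sep = PATH_SEPARATOR): array
{
    $dirs = [];
    foreach (explode($sep, $openBasedir) as $entry) {
        if ($entry !== '') {
            $dirs[] = rtrim($entry, '/') . '/';
        }
    }
    return $dirs;
}

// Lexical check only: assumes absolute paths without symlinks or "..".
// PHP's own open_basedir enforcement stays authoritative.
function isPathAllowed(string $path, string $openBasedir, string $sep = PATH_SEPARATOR): bool
{
    $dirs = allowedBaseDirs($openBasedir, $sep);
    if ($dirs === []) {
        return true; // empty setting: no restriction active
    }
    $candidate = rtrim($path, '/') . '/';
    foreach ($dirs as $dir) {
        if (strncmp($candidate, $dir, strlen($dir)) === 0) {
            return true;
        }
    }
    return false;
}

// Touch the filesystem only when the path is inside an allowed directory,
// so file_exists() cannot raise an open_basedir warning.
function configFileExists(string $path): bool
{
    $restriction = (string) ini_get('open_basedir'); // false (unknown option) becomes ''
    return isPathAllowed($path, $restriction) && file_exists($path);
}

// Constructed sample settings and paths, passed explicitly so the demo
// does not depend on the local php.ini.
$paths = ['/var/www/app/conf.json', '/home/user/conf.json', '/var/www/application/conf.json'];
foreach (['', '/var/www/app:/tmp'] as $setting) {
    foreach ($paths as $p) {
        $verdict = isPathAllowed($p, $setting, ':') ? 'allowed' : 'blocked';
        printf("%-18s %-32s %s\n", $setting === '' ? '(unset)' : $setting, $p, $verdict);
    }
}
```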