Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

JPath::check() throws Error 20 when running in a chroot jail #584

Merged
merged 1 commit into from Dec 3, 2011

Conversation

Projects
None yet
5 participants
Contributor

nikosdion commented Dec 2, 2011

When JPATH_ROOT is an empty string –i.e. we run inside a chroot jail– JPath::check() always raises error 20 (snooping out of bounds). By definition of the chroot jail, we can snoop out of bounds in this case. Therefore this check should always succeed. Ergo the proposed change.

When JPATH_ROOT is an empty string –i.e. we run inside a chroot jail–…
… JPath::check() always raises error 20 (snooping out of bounds). By definition of the chroot jail, we can snoop out of bounds in this case. Therefore this check should always succeed. Ergo the proposed change.
Contributor

nikosdion commented Dec 2, 2011

For more information on a real-world case, please take a look at this support thread on my forum: https://www.akeebabackup.com/support/forum/akeeba-backup-support/admin-cant-access-to-backend-after-restore-in-other-directory/54376.html#p54376 The user gave me FTP access, so I was able to track the problem on his server. This problem is practical. I have come across numerous shared hosts running in chroot jails over the last five years and, right now, when the users of those hosts try to install Joomla! they will believe that newer versions of Joomla! are broken (AFAIK, Joomla! 1.5 did work on those hosts, albeit very quirky).

Test log missing. Tests failed to execute.
Checkstyle analysis not found.

eddieajau added a commit that referenced this pull request Dec 3, 2011

Merge pull request #584 from nikosdion/patch-2
JPath::check() throws Error 20 when running in a chroot jail

@eddieajau eddieajau merged commit 762ce51 into joomla:staging Dec 3, 2011

Contributor

eddieajau commented Dec 3, 2011

Thanks - merged. I think ultimately we need to make that more configurable because the idea of JPATH_ROOT is only directly applicable to the CMS.

Member

elkuku commented Dec 3, 2011

BTW..... I believe the jenkins tests are failing (mine also) because it seems that you should use the language construct empty() on variables only:

empty() only checks variables as anything else will result in a parse error.

I get a :
Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM in .../libraries/joomla/filesystem/path.php on line 180

Let me say: WOW =;)

Contributor

eddieajau commented Dec 3, 2011

sigh I need to clean my glasses. Can my logic is correct with this change:

if (constant('JPATH_ROOT') && strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
Contributor

nikosdion commented Dec 3, 2011

Oops! Writing code after midnight directly on GitHub doesn't help making sure it's correct. I should actually have typed:
if( (JPATH_ROOT != '') && strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
The problem is not whether JPATH_ROOT is defined or not (it is defined), but if it equals to an empty string.

Nicholas K. Dionysopoulos
Lead Developer, AkeebaBackup.com
Web: http://www.AkeebaBackup.com
Blog: http://www.dionysopoulos.me/blog

On Saturday, 3 December 2011 at 10:49, Andrew Eddie wrote:

sigh I need to clean my glasses. Can my logic is correct with this change:

if (constant('JPATH_ROOT') && strpos($path, JPath::clean(JPATH_ROOT)) !== 0)


Reply to this email directly or view it on GitHub:
#584 (comment)

Contributor

eddieajau commented Dec 3, 2011

I was just as blind :) Nic, can you make a new pull to fix this. Thanks.

Contributor

nikosdion commented Dec 3, 2011

Made pull request #594 to fix this. Thanks!

Contributor

elinw commented on 5ea87f3 Dec 3, 2011

I don't think empty(CONSTANT) will work.

@mbabker mbabker referenced this pull request Dec 3, 2011

Closed

Test if a constant exists. #597

ianmacl added a commit that referenced this pull request Dec 3, 2011

Merge pull request #594 from nikosdion/patch-3
Fix for erroneous pull request #584
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment