[TYPO3-core] RFC #8130: Bug: addService() working with open_basedir and symlink
Michael Stucki
michael at typo3.org
Sun Apr 20 11:07:55 CEST 2008
Xavier Perseguers wrote:
> Solution:
> The patch takes care of finding out if open_basedir is used and if so,
> assumes that the administrator knows what he did and returns true for
> any external tool located as a direct child of a directory listed in
> open_basedir PHP configuration's property.
I would prefer to check for a symbolic link. If is_symlink returns true you
can also omit the check if the file is within the open_basedir, because it
would not work otherwise.
While working on it, please remove the @ in front of the checks, since this
might hide out some important information for the admin. The right way to
hide the messages is to configure display_errors correctly instead.
- if (@is_executable($path.$cmd) || in_array($path, $basedirPaths)) {
+ if (is_executable($path.$cmd) || is_symlink($path, $basedirPaths)) {
Regards, michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list