[TYPO3-core] RFC #8130: Bug: addService() working with open_basedir and symlink
Xavier Perseguers
typo3 at perseguers.ch
Mon Apr 21 15:22:54 CEST 2008
Hi all,
>>> Solution:
>>> The patch takes care of finding out if open_basedir is used and if so,
>>> assumes that the administrator knows what he did and returns true for
>>> any external tool located as a direct child of a directory listed in
>>> open_basedir PHP configuration's property.
>> I would prefer to check for a symbolic link. If is_symlink returns true you
>> can also omit the check if the file is within the open_basedir, because it
>> would not work otherwise.
>
> I would prefer too, and I tested it before creating my patch but for an
> odd reason I cannot yet understand, is_symlink() does not work either
> and always returns false, just as is_executable()! I know this is really
> strange!
What about this patch for the release of Wednesday as Ingo informed us?
Xavier
More information about the TYPO3-team-core
mailing list