[TYPO3-core] RFC #8130: Bug: addService() working with open_basedir and symlink
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Fri May 16 17:58:25 CEST 2008
Michael Stucki schrieb:
> Xavier Perseguers wrote:
>
>> Solution:
>> The patch takes care of finding out if open_basedir is used and if so,
>> assumes that the administrator knows what he did and returns true for
>> any external tool located as a direct child of a directory listed in
>> open_basedir PHP configuration's property.
>
> I would prefer to check for a symbolic link. If is_symlink returns true you
> can also omit the check if the file is within the open_basedir, because it
> would not work otherwise.
More thoughts on that, Michael? The patch looks quite fine and I even
would apply it to 4.1.
Masi
PS: t3lib_exec is ... odd. I never noticed until now this it is a static
class that uses global vars as initialization. Any chance we refactor
this as a singleton?
More information about the TYPO3-team-core
mailing list