[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Xavier Perseguers
typo3 at perseguers.ch
Mon Oct 13 15:19:26 CEST 2008
Hi Ingo,
>> Warning: is_readable() [function.is-readable]: open_basedir
>> restriction in effect. File(/dev/urandom) is not within the allowed
>> path(s):
>> (/var/www/data/domain.tld/www:/var/www/data/share:/usr/share/php:/tmp)
>> in
>> /var/www/data/share/typo3_src-4.2.2/typo3/sysext/openid/sv1/class.tx_openid_sv1.php
>> on line 257
>>
>> You missed the @ prepended to both is_readable() calls.
>
> why should we need the @ here?
> From the dscription at [1] I don't see why we should need them -
> especially as we require PHP5.2
> Are you on 5.2, or at least 5.1.5?
I'm on 5.2.0 and the problem is that when you use a PHP with strict
security configuration (from the Hardened-PHP project), then you
typically set the open_basedir on a per virtual host basis. And if you
do not allow /dev/urandom to be read but have let warning messages on
(which you shouldn't of course on production), then is_readable call
fails with a warning which can easily be removed with the @ prefix
--
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html
More information about the TYPO3-team-core
mailing list