Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Bas Konings on February 01, 2002, 01:02:54 AM
-
I've made a script that makes a list of all the images in a folder of the primary site.
The script is running from an ibay.
On e-smith 4.1.1 it's ok, on SME 5.0 it's ok, but after an upgrade to SME 5.1.2 I receive an error :S
The error is: open_basedir restriction in effect.
In the PHP manual it states it's something to do with safe_mode, but that's off in the default php.ini as far as I can tell.
Anyone have a solution?
What has changed and how can I undo it?
(piece of the script)
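$path="$imgupdir";
$handle=opendir($path);
// Compare against false explicitly so an entry named "0" does not end the loop early.
while (false !== ($file = readdir($handle))) {
    $file_path = "$path/$file";
    // Skip ".", ".." and any other dot-file.
    if ($file != "." && $file != ".." && substr($file,0,1)!=".") {
        if(!is_dir($file_path)) {
            echo ("
$file
");
        }
    }
}
closedir($handle);
?>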
Line 2 creates the error apparently ... but on SME 5.0 it's ok :?
-
Bas Konings wrote:
> On e-smith 4.1.1 it's ok, on SME 5.0 it's ok, but after an
> upgrade to SME 5.1.2 I receive an error :S
>
> The error is: open_basedir restriction in effect.
>
> In the PHP manual it states it's something to do with
> safe_mode, but that's off in the default php.ini as far as I
> can tell.
>
> Anyone have a solution?
> What has changed and how can I undo it?
As a security feature, PHP code running from an i-bay is, by default, restricted to only accessing files within that i-bay. To change the default, from the command line, as root, do:
/sbin/e-smith/db accounts setprop foo PHPBaseDir /home/e-smith/files
# Where 'foo' is the name of the i-bay, and /home/e-smith/files is the new
# Base directory you wish to allow access to (see PHP doco for details).
/sbin/e-smith/signal-event ibay-modify foo
Regards
Charlie
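
How the restriction described in the reply above decides what a script may open, as an added example that is not part of the thread or SME Server's own code. It assumes PHP 7.1+, absolute Unix paths, and open_basedir entries treated as directory names (current PHP behaviour; old releases matched them as plain prefixes); the function names and the /srv/example paths are constructed.

```php
<?php
// Added example; function names and sample paths are hypothetical.
// Lexical check only: PHP itself also resolves symlinks before comparing.
/** Collapse "." and ".." segments of an absolute path without touching disk. */
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
        } else {
            $out[] = $seg;
        }
    }
    return '/' . implode('/', $out);
}

/** True if $path lies inside one of the colon-separated base directories. */
function within_basedir(string $path, string $openBasedir): bool
{
    if ($openBasedir === '') {
        return true; // no restriction configured
    }
    $target = rtrim(normalize_path($path), '/') . '/';
    foreach (array_filter(explode(':', $openBasedir), 'strlen') as $base) {
        $base = rtrim(normalize_path($base), '/') . '/';
        // Comparing with a trailing slash keeps "/x/foobar" out of "/x/foo".
        if (strncmp($target, $base, strlen($base)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample layout: two i-bays, "foo" and "bar".
$ibayOnly = '/srv/example/ibays/foo';
$cases = [
    ['/srv/example/ibays/foo/html/img', $ibayOnly],          // inside the i-bay
    ['/srv/example/ibays/bar/images', $ibayOnly],            // another i-bay
    ['/srv/example/ibays/foo/../bar/images', $ibayOnly],     // ".." out of the i-bay
    ['/srv/example/ibays/foobar', $ibayOnly],                // sibling sharing a prefix
    ['/srv/example/ibays/bar/images', '/srv/example/ibays'], // widened base
];
foreach ($cases as [$path, $base]) {
    printf("%-40s base=%-24s %s\n", $path, $base, within_basedir($path, $base) ? 'allowed' : 'denied');
}
```

The last case shows what widening the base directory does: every i-bay under it becomes readable by PHP scripts in that i-bay.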
-
Is this a new feature? In SME 5 and before this wasn't default.
-
Hi!
I have almost the same problem. I have a PHP script that is located in one i-bay that accesses and edits files in another i-bay. I can't get it to work with your solution. Is there any way to shut down this feature completely?
/Johan
-
Bas Konings wrote:
>
> Is this a new feature? In SME 5 and before this wasn't default.
Yes, for a number of reasons, including the fact that I could
write a one-line PHP file that could expose *any* file on the
server, we needed to tighten up security for PHP. Restricting
PHP access to just the i-bay directory was the chosen method
(I was not involved in the choice, so I do not know what other
options were considered).
Is there any way you can write your PHP script in the one i-bay
to call the files in the other i-bay via a URL on the server?
That should still work (but might not work the way you need
it to).
Dan
-
I've posted a how-to on how to disable the PHP basedir sandbox option here:
http://forums.contribs.org/index.php?topic=12706.msg47725#msg47725
Please take note of the security implications of doing this.
Regards,
Luke