[#20280] - [fix] openbase_dir correct processing, #13214
- Fixed in Code Base
- 5 May 2018
- Medium
- Build: staging
- # 20280
- Diff
- rvalitov:staging
User tests: Successful: Unsuccessful:
Improved fix for pull request #17349 .
Summary of Changes
If the open_basedir ini directive contains a path that links to a
symlink, PHP will resolve these paths and then perform the acutal
access check.
Joomla, however, only performed a plain string comparison. As a
result leading to false positives.
Testing Instructions
- Create directory: ~/a/public_html
- Create symlink: ~/b/ pointing to ~/a/
- Configure PHP's openbasedir to contain ~/b/public_html
- Have Joomla create a folder inside ~/a/public_html
Expected result
This should just work with no erorrs whatsoever.
Actual result
An error is presented that the path is not within open_basedir..
Documentation Changes Required
No
Votes
| Status | New | ⇒ | Pending |
| Category | ⇒ | Libraries External Library Composer Change |
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-05-02 13:58:55 |
| Closed_By | ⇒ | Quy |
| Closed_Date | 2018-05-02 13:58:55 | ⇒ | 2018-05-02 13:58:57 |
| Closed_By | Quy | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/20280
Closing as duplicate of #17349 with the revert. @rvalitov please submit PR to the other repo as advised.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20280.
mbabker
- | Status | Closed | ⇒ | New |
| Closed_Date | 2018-05-02 13:58:57 | ⇒ | |
| Closed_By | joomla-cms-bot | ⇒ | |
| Labels |
Added:
?
?
|
||
| Status | New | ⇒ | Pending |
I have tested this item
Before the patch:
Unable to create a folder in Media Manager
Unable to install an extension via upload
Unable to install an extension via Install from web
Unable to update extensions
After the patch:
Able to create a folder in Media Manager
Able to install an extension
Able to install an extension via Install from web
Able to update extensions
This includes the framework fix.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20280.
Thank you, I will make a pull request to the framework
Done, the correct PR is joomla-framework/filesystem#20
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20280.
| Status | Pending | ⇒ | Ready to Commit |
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20280.
Yes, please.
| Labels |
Added:
?
|
||
| Category | Libraries External Library Composer Change | ⇒ | Libraries |
Done, reverted
This PR is a duplicate of #17349 which was originally created by @Freeaqingme. Therefore, @rvalitov is not the creator, thus, his test is a valid count.
Sorry for pinging then :)
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-05-05 20:15:57 |
| Closed_By | ⇒ | mbabker | |
| Labels |
Removed:
?
|
||
The discussion is here #17349. Also I think this pull request will fix #13214