« Profile field values lost when edited
WebGet and open_basedir
SMF bug 4873 (agreement not shown, no error, if agreement.tx… »

live627

  • Talking Head
  • Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the taxman, yeah I'm the taxman
  • Posts: 1,412
WebGet and open_basedir
« on August 1st, 2012, 06:31 AM »
On the last page of the installer, I see some of these errors:


Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in ./Sources/Class-WebGet.php on line 150

Arantor

  • With a Box
  • As long as the planets are turning, as long as the stars are burning, as long as your dreams are coming true...
  • Posts: 13,601
Re: WebGet and open_basedir
« Reply #1 on August 1st, 2012, 02:51 PM »
There's actually a fix documented on php.net for this, and I'll implement it when I have time, but I have to say while I can understand the restriction in the stupid 'safe mode', I have no idea why it's restricted with open_basedir.
  When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest.

Norodo

  • We-Gen
  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 390
Re: WebGet and open_basedir
« Reply #2 on August 1st, 2012, 03:05 PM »
Safe mode is so annoying. I had to deal with it all of the time when I had NFSNET as my host. It's pretty much their only drawback for me.

Arantor

  • With a Box
  • As long as the planets are turning, as long as the stars are burning, as long as your dreams are coming true...
  • Posts: 13,601
Re: WebGet and open_basedir
« Reply #3 on August 1st, 2012, 03:11 PM »
It has been dropped from later PHP releases simply because it doesn't actually add anything useful as far as safety goes.
  When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest.

Nao

  • With a Box
  • If you say so.....
  • Posts: 12,898
Re: WebGet and open_basedir
« Reply #4 on August 1st, 2012, 04:01 PM »
Well, even after the good ol' days of Safe Mode, remember how we got mod_security for Apache, the infamous module that would crash on you if you dared to enter ";id=" in the URL...? :P
...« I say wedge wedge (in the butt) »
 « Everyone knows rock attained perfection in 1974. It's a scientific fact. » (Homer Simpson)

Arantor

  • With a Box
  • As long as the planets are turning, as long as the stars are burning, as long as your dreams are coming true...
  • Posts: 13,601
Re: WebGet and open_basedir
« Reply #5 on August 1st, 2012, 04:03 PM »
There are way more rules in mod_security than that. Some of the configurations are downright weird, too.

(Yes, the host can actually configure what shows up in mod_security. I remember one host who used to actually kick back *any* requested URL with ; in it. Guess how that worked out for him.)
  When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest.

Dragooon

  • I can code! Really!
  • Talking Head
  • polygon.com has to be one of the best sites I've seen recently.
  • Posts: 1,723
Re: WebGet and open_basedir
« Reply #6 on August 1st, 2012, 06:41 PM »
Quote from Nao on August 1st, 2012, 04:01 PM
Well, even after the good ol' days of Safe Mode, remember how we got mod_security for Apache, the infamous module that would crash on you if you dared to enter ";id=" in the URL...? :P
That's why you changed AeMe to use ;in= :o, never knew that.
The way it's meant to be

Arantor

  • With a Box
  • As long as the planets are turning, as long as the stars are burning, as long as your dreams are coming true...
  • Posts: 13,601
Re: WebGet and open_basedir
« Reply #7 on August 1st, 2012, 07:20 PM »
Yup, that's the reason it was changed.
  When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest.

Nao

  • With a Box
  • If you say so.....
  • Posts: 12,898
Re: WebGet and open_basedir
« Reply #8 on August 1st, 2012, 07:38 PM »
Quote from Dragooon on August 1st, 2012, 06:41 PM
That's why you changed AeMe to use ;in= :o, never knew that.
Yup, was tired of the fake "bug reports"...
SMF did it by changing 'id' to 'tid' or whatever was the first letter of their variable (topic, message...), I decided to adopt a single name that would stand for 'id number' and just replace 'id'... Happy with it.
...« I say wedge wedge (in the butt) »
 « Everyone knows rock attained perfection in 1974. It's a scientific fact. » (Homer Simpson)

Arantor

  • With a Box
  • As long as the planets are turning, as long as the stars are burning, as long as your dreams are coming true...
  • Posts: 13,601
Re: WebGet and open_basedir
« Reply #9 on February 20th, 02:51 AM »
Bumping to remind myself to fix this. I do now know and understand why it is in place, I just haven't implemented it yet.
  When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest.

« Profile field values lost when edited
SMF bug 4873 (agreement not shown, no error, if agreement.tx… »