Wedge
Public area => Bug reports => The Pub => Archived fixes => Topic started by: Anthony` on November 7th, 2012, 10:31 PM
-
Trying to view the page shows a blank page.
I investigated and found the cause on line 471 in ManageServer.php,
$settings['load_average'] = @file_get_contents('/proc/loadavg');
When I remove the supression operator, I get the following errors,Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/proc/loadavg) is not within the allowed path(s): (/home/...:usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp) in /.../wedge/Sources/ManageServer.php on line 471
Warning: file_get_contents(/proc/loadavg) [function.file-get-contents]: failed to open stream: Operation not permitted in /.../wedge/Sources/ManageServer.php on line 471
-
Do you get the same problem in SMF?
/medoesn't recall changing that code.
-
As a matter of fact I do too.
-
So the problem's an underlying SMF one, less than strictly a Wedge one. Encouraging, but not ideal.
-
It's more of a server security issue. I remember having the problem at an earlier host. The current one supports this but the only difference is I can see the load average, that's all... If it's not supported -- it doesn't show anything.
Not a biggie IMHO.
-
But why, if it's not supported, would it generate a white screen error?
-
Honestly, I don't know. I don't remember getting a blank page on this, ever...
-
I went back into the code and the cause of the blank page seems to be the backtick operator executing the shell command here:
elseif (($settings['load_average'] = @`uptime`) !== null && preg_match('~load averages?: (\d+\.\d+), (\d+\.\d+), (\d+\.\d+)~i', $settings['load_average'], $matches) !== 0)
I suspect it's somewhat like my experience in an earlier bug report with exec(?) hanging on me and producing a blank page as well.
Again, removing the supression operator and I get the following error:Warning: shell_exec() has been disabled for security reasons in /.../wedge/Sources/ManageServer.php on line 474
-
So, I've replaced this internally with @shell_exec('uptime')... Can you do the same and tell me if it works this time..?
(There's also another occurrence in Load.php, BTW. Done too.)
-
I don't get why it's white-screening instead of just giving you an actual error, though.
-
So, I've replaced this internally with @shell_exec('uptime')... Can you do the same and tell me if it works this time..?
(There's also another occurrence in Load.php, BTW. Done too.)
Warning: shell_exec() has been disabled for security reasons in /.../wedge/Sources/ManageServer.php on line 474
I don't get why it's white-screening instead of just giving you an actual error, though.
-
That's the thing - as far as I know they shouldn't.
-
Looks like this has been protected against in the code with can_shell_exec().