View Full Version : Why Http Messages = ..\--- INI setting doesn't work for .php files
Mouton
03-03-2004, 12:42 PM
ioFTPD.ini:
[HTTP_Service]
...
Messages = ..\text\http
https://localhost:10000/test.php:
Warning: Unknown(D:\ioFTPD\text\text\http\test.php): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening 'D:\ioFTPD\text\text\http\test.php' for inclusion (include_path='.;c:\php4\pear') in Unknown on line 0Changing ioFTPD.ini to:
[HTTP_Service]
...
Messages = D:\ioFTPD\text\http
Fixes the problem.
Both settings works for .html files.
darkone
03-04-2004, 12:46 AM
It isn't a bug :p just that php interpreter can't handle paths with .. in them.
Mouton
03-04-2004, 12:58 PM
Well, that's a bug from a user point of view, since the allowed ..\ notation doesn't work.
Maybe u could just resolve the path in io before u give it to php interpreter.
thewarden
03-05-2004, 09:21 AM
Originally posted by darkone
It isn't a bug :p just that php interpreter can't handle paths with .. in them.
Pretty good reason why some people (old dogs) always use full paths :)
When you use several addons (from a users stand point) I always find that full paths work (as a rule) as some addons demand it.
Old habit...but it has not failed.
darkone
03-05-2004, 02:16 PM
I prefer not allow it, as it would/could open new security holes.
Mouton
03-05-2004, 04:12 PM
maybe change the default .ini that you pack then, and maybe add a comment over that line to warn users... the kb is a little full of those kind of stuff...
thewarden
03-06-2004, 05:54 AM
Originally posted by darkone
I prefer not allow it, as it would/could open new security holes.
Fully undersood...
But as Mouton said, the KB and ini are laid out as ..\
Maybe it's time to add this in ini
; use full paths for "area that needs it " section
Just as a reminder or there will be many more threads like this
as some don't know what the "search" function is used for :)
Mouton
03-06-2004, 08:26 AM
Originally posted by darkone
I prefer not allow it, as it would/could open new security holes. Must say I don't understand that. I suggested to translate the config path setting to full path, then give it to PHP. PHP will never see a .., and I can't really see how it would be possible to 'exploit' a ioFTPD.ini setting..? Since access to that file really means the guy is already in complete control of the ftp...
IMHO, forcing one full path in the config when all other paths can be relative, is not a good thing. I just installed it over at a friend's house, to transfer files from my notebook to his pc instead of using g6 (which ate up cpu like hell, and transfered at max 3MBps when io did 8.5MBps), and i told him 'what's cool, is that you can just move the dir wherever you want it... it will still work'
I think that's a good thing for io...
Anyway, enough babbling... just wanted to know if there was something i didn't see...
vBulletin® v3.8.11 Alpha 3, Copyright ©2000-2024, vBulletin Solutions, Inc.