How 1.4.19 manages to work in safe mode How 1.4.19 manages to work in safe mode
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How 1.4.19 manages to work in safe mode

Started by MaxS, January 26, 2009, 11:58:34 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

MaxS

This post is not about a Coppermine problem – so I will understand if Moderator deletes it or curses me or both. But the General Discussion forum is locked, so...

My Coppermine 1.4.19 "runs without any problem in safe mode and with the 'open basedir restriction' active, provided safe mode is properly configured". Since, except when silly_safe_mode is set, db_import appears to want to create a unique subdirectory for each user (named 10000 + user_id) when that user first HTTP-uploads pictures, I would appreciate if anyone could elaborate how this manages to work when in safe mode and exactly which system misconfiguration silly_safe_mode is intended to circumvent. Why? I have in a totally different (non-Coppermine) environment the problem of issuing mkdirs from PHP scripts (which have my FTP UID) when the resulting subdirectories have Apache's UID and any resulting file placements in that subdirectory fail because of the safe mode check.         


Hein Traag


MaxS

Documentation item 2.3 is the first thing I read.
But it does not unfortunately address my question: which is not how to configure Coppermine to make it work under safe mode's restrictions but how Coppermine then does so. The same is true for silly_safe_mode: I see in the code where it set and where it is used, but...

I read the code, but - perhaps because I am a second-rate (or even third-rate) PHP coder or perhaps because I have a totally inadequate understanding of how Coppermine works and the precise definition of its variables - do not comprehend what is actually happening in this area. Pls forgive my ignorance.

Joachim Müller

All that silly safe mode does is to avoid creating new folders, because that would lead to errors on poorly configured servers. If silly safe mode is on, all http uploads will go into the userpics folder and not into subfolders. That's it. Not sure how that is going to help you.