If you have no colorset choice in Bulletproof

Barberousse · Post by **Barberousse** » Sun Dec 30, 2007 8:16 pm

Hello

Found here: http://www.php.net/manual/function.glob.php

For security reason, the glob function may be prohibited on some servers (on free.fr for instance) and you will get no colorset listing with the Bulletproof template. To correct this, open "config.inc.php" in "templates/bulletproof" and change line 16

Code: Select all

if ($serendipity['GET']['adminModule'] == 'templates') {
    $css_files = glob(dirname(__FILE__) . '/*_style.css');

by

Code: Select all

function safe_glob($pattern, $flags=0) {
    $split=explode('/',$pattern);
    $match=array_pop($split);
    $path=implode('/',$split);
    if (($dir=opendir($path))!==false) {
        $glob=array();
        while(($file=readdir($dir))!==false) {
            if (fnmatch($match,$file)) {
                if ((is_dir("$path/$file"))||(!($flags&GLOB_ONLYDIR))) {
                    if ($flags&GLOB_MARK) $file.='/';
                    $glob[]=$file;
                }
            }
        }
        closedir($dir);
        if (!($flags&GLOB_NOSORT)) sort($glob);
        return $glob;
    } else {
        return false;
    }
}

if ($serendipity['GET']['adminModule'] == 'templates') {
    $css_files = safe_glob(dirname(__FILE__) . '/*_style.css');

Barberousse.

Post by **yellowled** » Sun Dec 30, 2007 9:14 pm

Barberousse wrote:For security reason, the glob function may be prohibited on some servers (on free.fr for instance) and you will get no colorset listing with the Bulletproof template. To correct this, open "config.inc.php" in "templates/bulletproof" and change (...)

I am no coder, and neither are my fellow BP developers, but if someone from the coder ranks (Garvin? Jude? Anyone?

) can validate this, I'd like to include the code into BP for future versions if it will be working on any server and doesn't affect Grandma's notorious performance pennies.

Thanks for sharing this!

YL

Post by **Don Chambers** » Mon Dec 31, 2007 1:16 am

Yup - same here. I need input from the php experts on this one.

Post by **garvinhicking** » Mon Dec 31, 2007 11:51 am

Hi!

You can emulate glob() with other PHP calls, but that is way too much overhead. To keep the code lean and simple, I object to adding this to the default BP code.

However, this forum information should prove helpful for other free.fr users. They already need some other custom modifications, so basically it's up to the user to do those mods if he uses a so restricted free service provider...

We have to draw a line between usability and easy of code for the majority of our users. Adding more code with overhead for 99% of the users to help 1% of the users is IMHO not so good. Other opinions?

Regards,
Garvin

blog.brockha.us · Post by **blog.brockha.us** » Mon Dec 31, 2007 1:53 pm

I think so, too, Garvin.

There could be a compromise maybe: Do two versions of the function. One with the overheaded code and the other with the old code. In the configuration of s9y the user could select "safe glob on/off" defaulting to "off". This is only little overhead for 99% of the users, but it still is overhead..

Post by **yellowled** » Tue Jan 01, 2008 10:02 pm

garvinhicking wrote:To keep the code lean and simple, I object to adding this to the default BP code.

Okeydokey

I'm not a fan of the solution with the two versions, either, so let's just stick with the old code for the time being unless we get hold of other hosters with this issue.

YL

Post by **Don Chambers** » Wed Jan 02, 2008 5:38 am

Does Grischa's suggestion of an s9y config option filter down to a template config option with minimal overhead? Barberousse's suggestion is to config.inc.php, which is template-specific.

BTW Barberousse - regardless of the decision on this matter, thanks for taking the time to make the suggestion!!!! Please keep contributions like this coming!!

Post by **yellowled** » Wed Jan 02, 2008 12:03 pm

Don Chambers wrote:Does Grischa's suggestion of an s9y config option filter down to a template config option with minimal overhead?

You're right, but if I understand Garvin right, free.fr users will have to do various modifications anyway. I don't think there's a point in supporting an obviously strange hosting service.

YL

Barberousse · Post by **Barberousse** » Thu Jan 03, 2008 3:42 pm

yellowled is right, Free.fr has a lot of limitations.

I made modifications for the Menalto Gallery script too, but it is huge... But I had no problem with Serendipity until I discovered the "glob" problem.

I think that it's a waste of time for Bulletproof maintainers to keep trying to make it work with these specific providers.

But I guess that the specific "glob" problem can occur on any server using safe mode because of a security risk (see here: http://seclists.org/fulldisclosure/2005/Sep/0001.html).

The solution I gave works only with UNIX servers (it uses the "fnmatch" function: http://www.php.net/manual/function.fnmatch.php), so you can't include it as a global workaround.

Barberousse.

Pakito · Post by **Pakito** » Thu Feb 07, 2008 7:01 pm

Hi, I just wanted to confirm that the code submitted by Barberousse works on free.fr.
It indeed enables to change the default colorset from the standard purple.

Thanks Barberousse !

If you have no colorset choice in Bulletproof

If you have no colorset choice in Bulletproof

Re: If you have no colorset choice in Bulletproof