Page 1 of 1
If you have no colorset choice in Bulletproof
Posted: Sun Dec 30, 2007 8:16 pm
by Barberousse
Hello
Found here:
http://www.php.net/manual/function.glob.php
For security reason, the glob function may be prohibited on some servers (on free.fr for instance) and you will get no colorset listing with the Bulletproof template. To correct this, open "config.inc.php" in "templates/bulletproof" and change line 16
Code: Select all
if ($serendipity['GET']['adminModule'] == 'templates') {
$css_files = glob(dirname(__FILE__) . '/*_style.css');
by
Code: Select all
function safe_glob($pattern, $flags=0) {
$split=explode('/',$pattern);
$match=array_pop($split);
$path=implode('/',$split);
if (($dir=opendir($path))!==false) {
$glob=array();
while(($file=readdir($dir))!==false) {
if (fnmatch($match,$file)) {
if ((is_dir("$path/$file"))||(!($flags&GLOB_ONLYDIR))) {
if ($flags&GLOB_MARK) $file.='/';
$glob[]=$file;
}
}
}
closedir($dir);
if (!($flags&GLOB_NOSORT)) sort($glob);
return $glob;
} else {
return false;
}
}
if ($serendipity['GET']['adminModule'] == 'templates') {
$css_files = safe_glob(dirname(__FILE__) . '/*_style.css');
Barberousse.
Re: If you have no colorset choice in Bulletproof
Posted: Sun Dec 30, 2007 9:14 pm
by yellowled
Barberousse wrote:For security reason, the glob function may be prohibited on some servers (on free.fr for instance) and you will get no colorset listing with the Bulletproof template. To correct this, open "config.inc.php" in "templates/bulletproof" and change (...)
I am no coder, and neither are my fellow BP developers, but if someone from the coder ranks (Garvin? Jude? Anyone?
) can validate this, I'd like to include the code into BP for future versions if it will be working on
any server and doesn't affect Grandma's notorious performance pennies.
Thanks for sharing this!
YL
Posted: Mon Dec 31, 2007 1:16 am
by Don Chambers
Yup - same here. I need input from the php experts on this one.
Posted: Mon Dec 31, 2007 11:51 am
by garvinhicking
Hi!
You can emulate glob() with other PHP calls, but that is way too much overhead. To keep the code lean and simple, I object to adding this to the default BP code.
However, this forum information should prove helpful for other free.fr users. They already need some other custom modifications, so basically it's up to the user to do those mods if he uses a so restricted free service provider...
We have to draw a line between usability and easy of code for the majority of our users. Adding more code with overhead for 99% of the users to help 1% of the users is IMHO not so good. Other opinions?
Regards,
Garvin
Posted: Mon Dec 31, 2007 1:53 pm
by blog.brockha.us
I think so, too, Garvin.
There could be a compromise maybe: Do two versions of the function. One with the overheaded code and the other with the old code. In the configuration of s9y the user could select "safe glob on/off" defaulting to "off". This is only little overhead for 99% of the users, but it still is overhead..
Posted: Tue Jan 01, 2008 10:02 pm
by yellowled
garvinhicking wrote:To keep the code lean and simple, I object to adding this to the default BP code.
Okeydokey
I'm not a fan of the solution with the two versions, either, so let's just stick with the old code for the time being unless we get hold of other hosters with this issue.
YL
Posted: Wed Jan 02, 2008 5:38 am
by Don Chambers
Does Grischa's suggestion of an s9y config option filter down to a template config option with minimal overhead? Barberousse's suggestion is to config.inc.php, which is template-specific.
BTW Barberousse - regardless of the decision on this matter, thanks for taking the time to make the suggestion!!!! Please keep contributions like this coming!!
Posted: Wed Jan 02, 2008 12:03 pm
by yellowled
Don Chambers wrote:Does Grischa's suggestion of an s9y config option filter down to a template config option with minimal overhead?
You're right, but if I understand Garvin right, free.fr users will have to do various modifications anyway. I don't think there's a point in supporting an obviously strange hosting service.
YL
Posted: Thu Jan 03, 2008 3:42 pm
by Barberousse
yellowled is right, Free.fr has a lot of limitations.
I made modifications for the Menalto Gallery script too, but it is huge... But I had no problem with Serendipity until I discovered the "glob" problem.
I think that it's a waste of time for Bulletproof maintainers to keep trying to make it work with these specific providers.
But I guess that the specific "glob" problem can occur on any server using safe mode because of a security risk (see here:
http://seclists.org/fulldisclosure/2005/Sep/0001.html).
The solution I gave works only with UNIX servers (it uses the "fnmatch" function:
http://www.php.net/manual/function.fnmatch.php), so you can't include it as a global workaround.
Barberousse.
Posted: Thu Feb 07, 2008 7:01 pm
by Pakito
Hi, I just wanted to confirm that the code submitted by Barberousse works on free.fr.
It indeed enables to change the default colorset from the standard purple.
Thanks Barberousse !