Serendipity Forums

Posted: **Sun Aug 06, 2006 11:09 am**

An s9y blog with open_basedir restriction in effect, when selecting to add an image to an entry, PHP complains that file_exists() in serendipity_admin_image_selector.php/line 136 is violating the open_basedir restriction on "/uploads/picture.jpg".

Code: Select all

if (!file_exists($file['imgsrc']) && $is_image) {

$file['imgsrc'] is the URL path, and not the filesystem path, therefor causing the open_basedir restriction condition. However, when reading the comments in the else-part of this construct (around line 220), it seems that checking whether the file does not exist is not even intended:

Code: Select all

    } else {
        // What to do if file is no image.
        // For the future, maybe allow the user to add title/link description and target window

Thus, the change on lince 136 should be either:

Code: Select all

if ($is_image) {

or something like (untested):

Code: Select all

if (!file_exists($serendipity['serendipityPath'] . $file['imgsrc']) && $is_image) {

I changed it to the first version, which I believe to be the actually intended logic, and it works fine.

Posted: **Sun Aug 06, 2006 12:37 pm**

Hi!

I believe that is true; however the whole logic has been revamped in serendipity 1.1, where it should now work properly. Your bugfix for 1.0
using only $is_image should be the preferred one, which I now committed. Many thanks!

Best regards,
Garvin

Serendipity Forums

Bug(?) in serendipity_admin_image_selector.php

Bug(?) in serendipity_admin_image_selector.php

Re: Bug(?) in serendipity_admin_image_selector.php