Problems with include_path and SecureSSI

Help
KGB
2004-09-30
2012-10-11
  • KGB
    KGB
    2004-09-30

    I tried installing phpwiki1.3.10 on a webhost the other day and I'm getting the following errors as soon as I click on any link on the front page:

    SecureSSI: Das Script (/usr/export/www/vhosts/funnetwork/hosting/w40kproject/newwiki/index.php) hat versucht ausserhalb von ihrem Userverzeichniss auf die Datei /usr/export/www/vhosts/funnetwork/hosting/w40kproject/newwiki/index.php zuzugreifen.
    Dies ist nicht erlaubt!

    Warning: Unknown(): Sicherheitsverletzung: in Unknown on line 0

    Warning: Unknown(/usr/export/www/vhosts/funnetwork/hosting/w40kproject/newwiki/index.php): failed to open stream: Operation not permitted in Unknown on line 0

    Warning: (null)(): Failed opening '/usr/export/www/vhosts/funnetwork/hosting/w40kproject/newwiki/index.php' for inclusion (include_path='.:') in Unknown on line 0

    The topmost error is in german, saying that the script .../index.php is trying to access .../index.php outside of my userfolder, which isn't allowed.(Kind of ridiculous statement, but I've read that PHPKIT generates some similar problem)

    Sicherheitsverletzung means Securityviolation.

    The server has disabled set_ini(), so I commented those that were generating errors, only after that I was able to even get to the Front page...
    putting the phpwiki ("newwiki" in my case) folder in the include_path in config.ini doesn't work because of that either.

    I hope someone can help me with this.

    P.S.: Is there any possibility for you guys to switch to a real board for support questions? Because the sourceforge thingy just plain sucks :)

     
    • Reini Urban
      Reini Urban
      2004-09-30

      override INCLUDE_PATH not to contain any path you may not search in.

      the other errors look like wrong open_basedir restrictions with other error messages. ask your provider.

       
    • Reini Urban
      Reini Urban
      2004-09-30

      >P.S.: Is there any possibility for you guys to switch to >a real board for support questions? Because the >sourceforge thingy just plain sucks :)

      gforge would be better. but you know.

      the mailinglist phpwiki-talk is our preferred method.