View Issue Details

ID: 0034503
Project: mantisbt
Category: administration
View Status: public
Last Update: 2025-03-01 18:40
Reporter: marc.kraemer
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Target Version: 2.27.1
Fixed in Version: 2.27.1
Summary: 0034503: t_admin_dir_is_accessible check is wrong
Description

the test for accessible admin dir is wrong:

$t_admin_dir_is_accessible = @file_exists( $t_admin_dir . '/.' );

setting chmod 0000 admin makes the dir inaccessible!
but file_exists will still report "admin/." as existent, since "." is a pointer to the dir itself, and this exists in the current dir.

If this results in "true", the require("admin/schema.php") will make the bugtracker inaccessible

Tags: No tags attached.

Activities

dregad (developer) - 2024-07-22 08:56 - ~0069046

> setting chmod 0000 admin makes the dir inaccessible!
> but file_exists will still report "admin/." as existent, since "." is a pointer to the dir itself, and this exists in the current dir.
> If this results in "true", the require("admin/schema.php") will make the bugtracker inaccessible

Confirmed, this triggers a system warning 'require_once(/var/www/mantisbt/admin/schema.php): Failed to open stream: Permission denied' in '/var/www/mantisbt/login_page.php' line 188

I guess that replacing the file_exists() by is_readable() should fix the problem, but I don't have time to test at the moment.

dregad (developer) - 2024-10-27 11:22 - ~0069402

PR https://github.com/mantisbt/mantisbt/pull/2041

Related Changesets

MantisBT: master-2.27 b337bef5 - 2024-10-27 10:59 - dregad
Fix incorrect check for admin dir on login page

Belt and braces:
- use is_readable() instead of file_exists() to check admin dir
- if admin dir is accessible, use include_once instead of require_once
to read schema.php, so we don't get a fatal error in case the file
cannot be read and just skip the schema version check in that case.

Fixes 0034503
Affected Issues: 0034503
mod - login_page.php
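The following script is an added example, not MantisBT code and not part of the changeset above. It places the original file_exists() check beside the is_readable() check from the fix, and applies the commit's second step (include_once instead of require_once, skipping the schema check when the file cannot be read). The helper names admin_dir_accessible_old(), admin_dir_accessible_new() and load_schema_if_readable(), the temporary directory layout and the stand-in schema.php are all assumptions made for the demonstration; how the two checks differ depends on the user the script runs as, since root is not subject to mode bits.

```php
<?php
// Added example (not MantisBT code): the original admin-dir check beside the
// hardened form from the fix. Helper names and the temporary directory layout
// are assumptions made for this demonstration.

// Original check: file_exists() only asks whether the path resolves, which is
// the behaviour the report describes for "admin/." on a chmod 0000 directory.
function admin_dir_accessible_old( string $t_admin_dir ): bool {
	return @file_exists( $t_admin_dir . '/.' );
}

// Fixed check: is_readable() asks whether the current user may actually read
// the directory, which is what the subsequent include needs.
function admin_dir_accessible_new( string $t_admin_dir ): bool {
	return @is_readable( $t_admin_dir );
}

// Second part of the fix: only attempt to load schema.php when the directory
// is readable, and use include_once so an unreadable file yields a warning
// (returns false) instead of a fatal error; the caller then skips the
// schema version check.
function load_schema_if_readable( string $t_admin_dir ): bool {
	if( !admin_dir_accessible_new( $t_admin_dir ) ) {
		return false;
	}
	$t_result = @include_once( $t_admin_dir . '/schema.php' );
	return $t_result !== false;
}

// Constructed temporary layout: <tmp>/admin_check_<pid>/admin/schema.php
$t_base = sys_get_temp_dir() . '/admin_check_' . getmypid();
$t_admin_dir = $t_base . '/admin';
mkdir( $t_admin_dir, 0755, true );
file_put_contents( $t_admin_dir . '/schema.php', "<?php\n// constructed stand-in for admin/schema.php\n" );

// Try the unreadable mode first: include_once remembers a successful include,
// so loading under 0755 first would mask the 0000 case.
// Note: when run as root, mode bits are not enforced and both checks agree.
foreach( [0000, 0755] as $t_mode ) {
	chmod( $t_admin_dir, $t_mode );
	clearstatcache( true ); // PHP caches stat results; discard them between runs
	printf( "mode %04o: file_exists('admin/.')=%s is_readable('admin')=%s schema loaded=%s\n",
		$t_mode,
		var_export( admin_dir_accessible_old( $t_admin_dir ), true ),
		var_export( admin_dir_accessible_new( $t_admin_dir ), true ),
		var_export( load_schema_if_readable( $t_admin_dir ), true ) );
}

// Restore permissions so the temporary files can be removed.
chmod( $t_admin_dir, 0755 );
unlink( $t_admin_dir . '/schema.php' );
rmdir( $t_admin_dir );
rmdir( $t_base );
```

Run it as the same unprivileged user the web server uses; the 0000 line shows whether the existence check and the readability check diverge on that system, and the "schema loaded" column shows that the hardened path degrades to skipping the version check rather than failing the whole page.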