View Issue Details

ID: 0034503
Project: mantisbt
Category: administration
View Status: public
Last Update: 2024-07-22 08:56
Reporter: marc.kraemer
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: confirmed
Resolution: open
Summary: 0034503: t_admin_dir_is_accessible check is wrong
Description

The test for accessible admin dir is wrong:

$t_admin_dir_is_accessible = @file_exists( $t_admin_dir . '/.' );

Setting chmod 0000 admin makes the dir inaccessible!
But file_exists will still report "admin/." as existent, since "." is a pointer to the dir itself, and this exists in the current dir.

If this results in "true", the require("admin/schema.php") will make the bugtracker inaccessible.

Tags: No tags attached.

Activities

dregad

2024-07-22 08:56

developer   ~0069046

Setting chmod 0000 admin makes the dir inaccessible!
But file_exists will still report "admin/." as existent, since "." is a pointer to the dir itself, and this exists in the current dir.
If this results in "true", the require("admin/schema.php") will make the bugtracker inaccessible.

Confirmed, this triggers a system warning: 'require_once(/var/www/mantisbt/admin/schema.php): Failed to open stream: Permission denied' in '/var/www/mantisbt/login_page.php' line 188

I guess that replacing the file_exists() by is_readable() should fix the problem, but I don't have time to test at the moment.
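
Added example, not part of the ticket and not MantisBT code: a stand-alone PHP script that builds a constructed admin/ directory in the system temp dir and prints what the reported check, the is_readable() replacement suggested above, and a stricter variant return at modes 0755 and 0000. The helper names and the stricter check on schema.php itself are assumptions made for this illustration.

```php
<?php
// Added illustration; not MantisBT code. Helper names are hypothetical.

// The check quoted in the report.
function check_file_exists_dot( string $p_admin_dir ): bool {
	return @file_exists( $p_admin_dir . '/.' );
}

// The replacement suggested in the comment: is_readable() on the same path.
function check_is_readable_dot( string $p_admin_dir ): bool {
	return @is_readable( $p_admin_dir . '/.' );
}

// Stricter variant (assumption): test the exact file that is later require()d.
function check_schema_readable( string $p_admin_dir ): bool {
	$t_schema = $p_admin_dir . '/schema.php';
	return @is_file( $t_schema ) && @is_readable( $t_schema );
}

// Constructed fixture: a throwaway directory standing in for the install root.
$t_root = sys_get_temp_dir() . '/admin_check_' . bin2hex( random_bytes( 4 ) );
$t_admin_dir = $t_root . '/admin';
mkdir( $t_admin_dir, 0755, true );
file_put_contents( $t_admin_dir . '/schema.php', "<?php\n" );

foreach( array( 0755, 0000 ) as $t_mode ) {
	chmod( $t_admin_dir, $t_mode );
	clearstatcache( true );   // drop cached stat and realpath results between runs
	printf( "mode %04o: file_exists=%s is_readable=%s schema_readable=%s\n",
		$t_mode,
		var_export( check_file_exists_dot( $t_admin_dir ), true ),
		var_export( check_is_readable_dot( $t_admin_dir ), true ),
		var_export( check_schema_readable( $t_admin_dir ), true ) );
}

// Restore permissions so the fixture can be removed.
chmod( $t_admin_dir, 0755 );
unlink( $t_admin_dir . '/schema.php' );
rmdir( $t_admin_dir );
rmdir( $t_root );
```

Run it as an unprivileged user on a POSIX filesystem; root bypasses permission checks, so every check passes regardless of mode.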