View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0034846mantisbtbugtrackerpublic2024-10-12 08:222024-10-24 15:11
Reporterluri Assigned Todregad  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionduplicate 
Product Version2.27.0 
Summary0034846: move core directory outside webroot not work
Description

Hi,

I want to move core directory outside web root directory as suggested but this is not work.

(Mantis work if core directory is in/XXXXXX/mantisbt-2.27.0/web_root/core)

apache web root : /XXXXXX/mantisbt-2.27.0/web_root
core directory : /XXXXXX/mantisbt-2.27.0/core

extract of config/config_inc.php : 

$g_core_path = dirname(__DIR__,2) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR;

Error :
[Sat Oct 12XXX] [proxy_fcgi:error] [pid X:tid X] [remote 92.X] AH01071: Got error 'PHP message: PHP Warning: require_once(/XXXX/mantisbt-2.27.0/web_root/core/constant_inc.php): Failed to open stream: No such file or directory in /XXX/mantisbt-2.27.0/web_root/core.php on line 69PHP message: PHP Fatal error: Uncaught Error: Failed opening required '/XXXXX/mantisbt-2.27.0/web_root/core/constant_inc.php' (include_path='.:/usr/share/php') in /XXXX/mantisbt-2.27.0/web_root/core.php:69\nStack trace:\n#0 /XXXXX/mantisbt-2.27.0/web_root/admin/check/index.php(43): require_once()\n#1 {main}\n thrown in /XXXXXX/mantisbt-2.27.0/web_root/core.php on line 69'

If I change Line 69 of core.php to point to new core directory : 

require_once( dirname(__DIR__) . '/core/constant_inc.php' );

I have this error :
[Sat Oct 12 XX] [proxy_fcgi:error] [pid X:tid X] [remote 92.X] AH01071: Got error 'PHP message: PHP Fatal error: -1 in /XXX/mantisbt-2.27.0/core/error_api.php on line 95'

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
duplicate of 0021584 confirmed core_path directory can't be moved outside the web root 

Activities

luri

luri

2024-10-12 08:23

reporter   ~0069322

It's not DIR, it's {underscore}{underscore}DIR{underscore}{underscore}
luri

luri

2024-10-12 08:48

reporter   ~0069323

I have reboot my server beacause i have some other problem.
With same manipulation, il haw now this error :
[Sat Oct 12 X] [proxy_fcgi:error] [pid X:tid X] [remote 92.X] AH01071: Got error 'PHP message: Class "DbQuery" not found\n/XXX/mantisbt-2.27.0/core/database_api.php: 166: - - - - db_query()\n/XXXX/mantisbt-2.27.0/web_root/core.php: 183: - - - - db_connect()\n/XXXX/mantisbt-2.27.0/web_root/index.php: 31: - - - - require_once( <string>'/XXXX/mantisbt-2.27.0/web_root/core.php' )\n'
dregad

dregad

2024-10-12 15:08

developer   ~0069324

To be honest I have never bothered with this. core only contains PHP files, so if your web server is configured correctly I don't see a security risk.

This comment goes back to 2002, and I'm not even sure that it is still valid today (maybe not, based on your report), but I do not have time to test ATM. Maybe one of the other devs can confirm.
dregad

dregad

2024-10-13 18:57

developer   ~0069330

Just noticed this has been reported before, so closing this as duplicate of 0021584