Problems using Plug-in Installer on Servers with PHP Safe Mode

[enzo]

Hello folks

I had some troubles trying install some plug-ins in a server with PHP Safe Mode enabled, because the installer check some paths outside the document root.

So, I created a new patch in order to start checking of files at document root.

After this patch now my server is working well with plug-in installer.

Enjoy IT.

enzo

[VexedPanda]

Hmm, I dunno. If someone moves something like their includes directory out of webroot (which we want to support), it should still try and write there. If their server doesn't allow it, I vote we just spit out a notice saying something like:
"In order to finish the install, the following steps must be performed manually:
Copy {original file} to {destination}"

[alex94040]

Can we somehow reconcile two desires here? Can we have a fork in the code that says

- if not in safe mode, do X
- if in safe mode, do Y;
- if in safe mode and the includes are outside of the docroot, give up and give an error message?

[VexedPanda]

I don't think it needs to be that complex.
Simply doing error handling and displaying an error in case of failure should be enough.

[alex94040]

Vexed - but see, this essentially would mean that the developer can't automatically install plugins on a PHP Safe Mode box... That'd be kind of bad, no? The whole point of the plugins framework is to allow for nice and easy install/uninstall..

[VexedPanda]

I guess I don't understand quite what's going on here. By default, shouldn't all plugins stay within docroot anyhow? So shouldn't this only come up when they've moved includes (or another directory) out of docroot anyhow?

[alex94040]

Plugins go into the /includes and /assets folders. By default - if you don't move the /includes outside of the docroot - plugins should go right inside the docroot. Enzo, however, is suggesting that this somehow still didn't work out of the box - I'm not sure why, I don't have a PHP Safe Mode install handy. Enzo, can you comment?

[alex94040]

We should close this ticket as "works for me" if we don't hear back in the next week.

[VexedPanda]

So the issue seems to be that in safe mode (or any strict environment), php doesn't have access to do a is_dir check of the directory structure outside of webroot.

My suggestion is we simply reverse this process. Check the deepest first, and only go as far up as needed to create the missing directory.

This way, it will only throw an error when it actually needs to create or read a specific directory it doesn't have access to.

The second step would be to catch this error, and present it nicely to the user.

[VexedPanda]

mkdir has a recursive flag in PHP 5.0.0 and above. Hopefully this removes the need for the out-of-webroot checks entirely.

[VexedPanda]

Still need friendly errors, but that's perhaps a seperate issue.

[enzo]

(In [539]) Fixes #305 Validate if php_safe is on and generate a warning in installation

[alex94040]

What enzo checked in is not the same as the patch that is attached to this bug. Enzo checked in a friendly warning in the config checker; the other patch still needs to be applied.

[alex94040]

(In [540]) Fixes #305 (Problems using Plug-in Installer on Servers with PHP Safe Mode).

Also fixes PHP 5.3 compatibility in 1.1 plugin installer around ereg_replace being deprecated.

[alex94040]

On a second thought, an install-time warning should probably be enough. My last patch fixes formatting / other stuff in the earlier checkin, we can consider this closed.