Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-4018

System Status: File permission check will fail on parent directory .. if it is not owned by the same user

        Details

          Description

          The system status widget in controllers/admin_main.php line 216 calls PHP function scandir(), which returns as part of the list the current working directory ".", and the parent directory, "..". The parent directory ".." may not be owned by the same user, and it doesn't need to be. The parent directory should be ignored. Do not evaluate ownership of "..".

          For example:

          1. ls -la /home/user/logs_blesta/
            drwxrwxrwx 2 www-data www-data 4096 Nov 11 18:50 .
            drwxr-xr-x 6 root root 4096 Nov 11 18:39 ..
            rw-rw-r- 1 www-data www-data 10197 Nov 11 19:20 general-alert-2020-11-11.log
            rw-rr- 1 www-data www-data 251 Sep 29 23:58 general-error-2020-09-29.log

            Activity

            Ascending order - Click to sort in descending order
            admin Paul Phillips created issue -
            admin Paul Phillips made changes -
            Field Original Value New Value
            Description The system status widget in controllers/admin_main.php line 216 calls PHP function scandir(), which returns as part of the list the current working directory ".", and the parent directory, "..". The parent directory ".." may not be owned by the same user, and it doesn't need to be. The parent directory should be ignored. Do not evaluate ownership of "..". The system status widget in controllers/admin_main.php line 216 calls PHP function scandir(), which returns as part of the list the current working directory ".", and the parent directory, "..". The parent directory ".." may not be owned by the same user, and it doesn't need to be. The parent directory should be ignored. Do not evaluate ownership of "..".

            For example:

            # ls -la /home/user/logs_blesta/
            drwxrwxrwx 2 www-data www-data 4096 Nov 11 18:50 .
            *drwxr-xr-x 6 root root 4096 Nov 11 18:39 ..*
            -rw-rw-r-- 1 www-data www-data 10197 Nov 11 19:20 general-alert-2020-11-11.log
            -rw-r--r-- 1 www-data www-data 251 Sep 29 23:58 general-error-2020-09-29.log
            jonathan Jonathan Reissmueller made changes -
            Rank Ranked higher
            jonathan Jonathan Reissmueller made changes -
            Sprint 5.0.0 Sprint 4 [ 121 ]
            jonathan Jonathan Reissmueller made changes -
            Rank Ranked lower
            jonathan Jonathan Reissmueller made changes -
            Status Open [ 1 ] Closed [ 6 ]
            Resolution Fixed [ 1 ]

              People

              • Assignee:
                jonathan Jonathan Reissmueller
                Reporter:
                admin Paul Phillips
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  19/Nov/20

                  Agile