mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 04:20:55 +01:00
Just fatal for any setting of open_basedir
Summary: Fixes T11627. Beyond being complex, I have no real reason to believe these checks even work (and they don't test repositories, file storage, logfiles, etc). Test Plan: Faked the error: {F1813433} Reviewers: chad Reviewed By: chad Maniphest Tasks: T11627 Differential Revision: https://secure.phabricator.com/D16544
This commit is contained in:
parent
1ee426e4ac
commit
105be01d5f
1 changed files with 17 additions and 79 deletions
|
@ -113,89 +113,27 @@ final class PhabricatorPHPPreflightSetupCheck extends PhabricatorSetupCheck {
|
||||||
}
|
}
|
||||||
|
|
||||||
$open_basedir = ini_get('open_basedir');
|
$open_basedir = ini_get('open_basedir');
|
||||||
if ($open_basedir) {
|
if (strlen($open_basedir)) {
|
||||||
|
// If `open_basedir` is set, just fatal. It's technically possible for
|
||||||
|
// us to run with certain values of `open_basedir`, but: we can only
|
||||||
|
// raise fatal errors from preflight steps, so we'd have to do this check
|
||||||
|
// in two parts to support fatal and advisory versions; it's much simpler
|
||||||
|
// to just fatal instead of trying to test all the different things we
|
||||||
|
// may need to access in the filesystem; and use of this option seems
|
||||||
|
// rare (particularly in supported environments).
|
||||||
|
|
||||||
// 'open_basedir' restricts which files we're allowed to access with
|
$message = pht(
|
||||||
// file operations. This might be okay -- we don't need to write to
|
"Your server is configured with '%s', which prevents Phabricator ".
|
||||||
// arbitrary places in the filesystem -- but we need to access certain
|
"from opening files it requires access to.\n\n".
|
||||||
// resources. This setting is unlikely to be providing any real measure
|
"Disable this setting to continue.",
|
||||||
// of security so warn even if things look OK.
|
'open_basedir');
|
||||||
|
|
||||||
$failures = array();
|
|
||||||
|
|
||||||
try {
|
|
||||||
$open_libphutil = class_exists('Future');
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$failures[] = $ex->getMessage();
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$open_arcanist = class_exists('ArcanistDiffParser');
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$failures[] = $ex->getMessage();
|
|
||||||
}
|
|
||||||
|
|
||||||
$open_urandom = false;
|
|
||||||
try {
|
|
||||||
Filesystem::readRandomBytes(1);
|
|
||||||
$open_urandom = true;
|
|
||||||
} catch (FilesystemException $ex) {
|
|
||||||
$failures[] = $ex->getMessage();
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$tmp = new TempFile();
|
|
||||||
file_put_contents($tmp, '.');
|
|
||||||
$open_tmp = @fopen((string)$tmp, 'r');
|
|
||||||
if (!$open_tmp) {
|
|
||||||
$failures[] = pht(
|
|
||||||
"Unable to read temporary file '%s'.",
|
|
||||||
(string)$tmp);
|
|
||||||
}
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$message = $ex->getMessage();
|
|
||||||
$dir = sys_get_temp_dir();
|
|
||||||
$failures[] = pht(
|
|
||||||
"Unable to open temp files from '%s': %s",
|
|
||||||
$dir,
|
|
||||||
$message);
|
|
||||||
}
|
|
||||||
|
|
||||||
$issue = $this->newIssue('php.open_basedir')
|
$issue = $this->newIssue('php.open_basedir')
|
||||||
->setName(pht('Disable PHP %s', 'open_basedir'))
|
->setName(pht('Disable PHP %s', 'open_basedir'))
|
||||||
->addPHPConfig('open_basedir');
|
->addPHPConfig('open_basedir')
|
||||||
|
->setIsFatal(true)
|
||||||
if ($failures) {
|
->setMessage($message);
|
||||||
$message = pht(
|
|
||||||
"Your server is configured with '%s', which prevents Phabricator ".
|
|
||||||
"from opening files it requires access to.\n\n".
|
|
||||||
"Disable this setting to continue.\n\nFailures:\n\n%s",
|
|
||||||
'open_basedir',
|
|
||||||
implode("\n\n", $failures));
|
|
||||||
|
|
||||||
$issue
|
|
||||||
->setIsFatal(true)
|
|
||||||
->setMessage($message);
|
|
||||||
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
$summary = pht(
|
|
||||||
"You have '%s' configured in your PHP settings, which ".
|
|
||||||
"may cause some features to fail.",
|
|
||||||
'open_basedir');
|
|
||||||
|
|
||||||
$message = pht(
|
|
||||||
"You have '%s' configured in your PHP settings. Although this ".
|
|
||||||
"setting appears permissive enough that Phabricator will work ".
|
|
||||||
"properly, you may still run into problems because of it.\n\n".
|
|
||||||
"Consider disabling '%s'.",
|
|
||||||
'open_basedir',
|
|
||||||
'open_basedir');
|
|
||||||
|
|
||||||
$issue
|
|
||||||
->setSummary($summary)
|
|
||||||
->setMessage($message);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue