Just fatal for any setting of open_basedir · recaptime.dev/phorge@105be01

+17 -79

1 changed file

expand all

src

applications

config

check

PhabricatorPHPPreflightSetupCheck.php

+17 -79

src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php

··· 113 113 } 114 114 115 115 $open_basedir = ini_get('open_basedir'); 116 - if ($open_basedir) { 117 - 118 - // 'open_basedir' restricts which files we're allowed to access with 119 - // file operations. This might be okay -- we don't need to write to 120 - // arbitrary places in the filesystem -- but we need to access certain 121 - // resources. This setting is unlikely to be providing any real measure 122 - // of security so warn even if things look OK. 123 - 124 - $failures = array(); 125 - 126 - try { 127 - $open_libphutil = class_exists('Future'); 128 - } catch (Exception $ex) { 129 - $failures[] = $ex->getMessage(); 130 - } 131 - 132 - try { 133 - $open_arcanist = class_exists('ArcanistDiffParser'); 134 - } catch (Exception $ex) { 135 - $failures[] = $ex->getMessage(); 136 - } 137 - 138 - $open_urandom = false; 139 - try { 140 - Filesystem::readRandomBytes(1); 141 - $open_urandom = true; 142 - } catch (FilesystemException $ex) { 143 - $failures[] = $ex->getMessage(); 144 - } 116 + if (strlen($open_basedir)) { 117 + // If `open_basedir` is set, just fatal. It's technically possible for 118 + // us to run with certain values of `open_basedir`, but: we can only 119 + // raise fatal errors from preflight steps, so we'd have to do this check 120 + // in two parts to support fatal and advisory versions; it's much simpler 121 + // to just fatal instead of trying to test all the different things we 122 + // may need to access in the filesystem; and use of this option seems 123 + // rare (particularly in supported environments). 145 124 146 - try { 147 - $tmp = new TempFile(); 148 - file_put_contents($tmp, '.'); 149 - $open_tmp = @fopen((string)$tmp, 'r'); 150 - if (!$open_tmp) { 151 - $failures[] = pht( 152 - "Unable to read temporary file '%s'.", 153 - (string)$tmp); 154 - } 155 - } catch (Exception $ex) { 156 - $message = $ex->getMessage(); 157 - $dir = sys_get_temp_dir(); 158 - $failures[] = pht( 159 - "Unable to open temp files from '%s': %s", 160 - $dir, 161 - $message); 162 - } 125 + $message = pht( 126 + "Your server is configured with '%s', which prevents Phabricator ". 127 + "from opening files it requires access to.\n\n". 128 + "Disable this setting to continue.", 129 + 'open_basedir'); 163 130 164 131 $issue = $this->newIssue('php.open_basedir') 165 132 ->setName(pht('Disable PHP %s', 'open_basedir')) 166 - ->addPHPConfig('open_basedir'); 167 - 168 - if ($failures) { 169 - $message = pht( 170 - "Your server is configured with '%s', which prevents Phabricator ". 171 - "from opening files it requires access to.\n\n". 172 - "Disable this setting to continue.\n\nFailures:\n\n%s", 173 - 'open_basedir', 174 - implode("\n\n", $failures)); 175 - 176 - $issue 177 - ->setIsFatal(true) 178 - ->setMessage($message); 179 - 180 - return; 181 - } else { 182 - $summary = pht( 183 - "You have '%s' configured in your PHP settings, which ". 184 - "may cause some features to fail.", 185 - 'open_basedir'); 186 - 187 - $message = pht( 188 - "You have '%s' configured in your PHP settings. Although this ". 189 - "setting appears permissive enough that Phabricator will work ". 190 - "properly, you may still run into problems because of it.\n\n". 191 - "Consider disabling '%s'.", 192 - 'open_basedir', 193 - 'open_basedir'); 194 - 195 - $issue 196 - ->setSummary($summary) 197 - ->setMessage($message); 198 - } 133 + ->addPHPConfig('open_basedir') 134 + ->setIsFatal(true) 135 + ->setMessage($message); 199 136 } 137 + 200 138 } 201 139 }

Configure Feed

Configure Feed