#1906: PHP connector in filemanager should have better error checking
------------------+---------------------------------------------------------
Reporter: Kyle | Type: Bug
Status: new | Priority: Normal
Milestone: | Component: Server : PHP
Version: | Keywords:
------------------+---------------------------------------------------------
The PHP connector DetectHTML function does no error checking to make sure
that the file was opened or read correctly. This causes a cascade of
errors on systems with the PHP open_basedir set to disallow opening of
files in the temporary file-upload directory. See the forums post
[http://www.fckeditor.net/forums/viewtopic.php?f=6&t=8619].
In the file 'editor/filemanager/connectors/php/util.php' starting on line
87 is the DetectHTML function.
Original:
{{{
function DetectHtml( $filePath )
{
    $fp = fopen( $filePath, 'rb' ) ;
    $chunk = fread( $fp, 1024 ) ;
    fclose( $fp ) ;
}}}
With improved error checking, it should be something like this...
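{{{
function DetectHtml( $filePath )
{
    $fp = fopen( $filePath, 'rb' ) ;
    if ( $fp !== false )
    {
        // File opened: read the first 1024 bytes for inspection.
        $chunk = fread( $fp, 1024 ) ;
        if ( $chunk === false )
        {
            // Read failed: fall back to an empty chunk.
            $chunk = '';
        }
        fclose( $fp ) ;
    }
    else
    {
        // Open failed (e.g. blocked by open_basedir): nothing to inspect.
        $chunk = '';
    }
}}}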
I'm not sure whether it would be better to return TRUE or FALSE in the
case of being unable to open and/or read the file. I leave it to the
security experts to debate that.
--
Ticket URL: <http://dev.fckeditor.net/ticket/1906>
FCKeditor <http://www.fckeditor.net>
The text editor for Internet
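
The return-value question raised at the end of the ticket, worked through as an added example (not FCKeditor code and not part of the original report). It assumes the caller rejects an upload when the check returns true, so returning true on an open or read failure is the fail-closed choice; the function name and the marker list are hypothetical.

```php
<?php
// Added example, not FCKeditor code. Names and the marker list are hypothetical.

/**
 * Returns true when the upload should be rejected: either the first 1 KiB
 * looks like HTML, or the file could not be inspected at all (fail closed).
 */
function detectHtmlFailClosed(string $filePath): bool
{
    // '@' suppresses the warning raised when open_basedir blocks the path;
    // the failure is handled explicitly through the return value instead.
    $fp = @fopen($filePath, 'rb');
    if ($fp === false) {
        return true; // cannot open: treat as unsafe
    }

    $chunk = fread($fp, 1024);
    fclose($fp);
    if ($chunk === false) {
        return true; // cannot read: treat as unsafe
    }

    // Simplified marker list, assumed for illustration only.
    return preg_match('/<\s*(!doctype|html|head|body|script|iframe|img)\b/i', $chunk) === 1;
}

// Constructed sample inputs: an HTML file, a plain-text file, a missing file.
$dir = sys_get_temp_dir();
$html = tempnam($dir, 'up');
file_put_contents($html, "<html><body>hello</body></html>");
$text = tempnam($dir, 'up');
file_put_contents($text, "plain text, 2 < 3");
$missing = $dir . '/no-such-upload-' . uniqid();

foreach (['html' => $html, 'text' => $text, 'missing' => $missing] as $label => $path) {
    printf("%-8s %s\n", $label, detectHtmlFailClosed($path) ? 'reject' : 'accept');
}

unlink($html);
unlink($text);
```

With an empty `$chunk` fallback, as in the snippet proposed in the ticket, an unreadable file would instead pass through whatever content checks follow, which is the fail-open outcome.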