** Changed in: mahara
Milestone: None => 1.1.8
--
Downloads can be denied when dataroot specified in certain ways
https://bugs.launchpad.net/bugs/547289
You received this bug notification because you are a member of Mahara
Core, which is the registrant for Mahara.
Status in Mahara ePortfolio: Fix Released
Bug description:
A very confusing problem as uploads work fine and files are written to disk OK,
apparently:
http://mahara.org/interaction/forum/topic.php?id=527#post3684
(and the post after it)
I'm not sure exactly what is wrong there, but if the dataroot is set up in such
a way that files can't be downloaded, we _must_ let the administrator know
somehow - maybe with a ConfigSanityException in ensure_sanity. Otherwise, we
should add some more smarts to make sure the matching is sensible. It's
probably here that is failing:
lib/file.php: serve_file
if (!get_config('insecuredataroot') && substr($path, 0, strlen($dataroot))
!= $dataroot) {
throw new AccessDeniedException();
}
Perhaps $dataroot and the substr bit need wrapping in realpath()? In any event,
the AccessDeniedException needs to have an argument to say what is wrong,
calling it with no parameters is wrong.
This bug was imported from eduforge.org, see:
https://eduforge.org/tracker/index.php?func=detail&aid=3324&group_id=176&atid=739
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
