hi,
thanks for your response and sorry for my delayed one.
Krzysztof Sikorski schrieb:
> The problem is not in your include path but in basedir path. You
> probably uploaded your phptal libraries into a directory that is
> forbidden for your scripts. Try running
> ini_get('open_basedir');
> to check what dir is allowed and then move your libraries into that
> dir or one of its subdirs.
as i wrote, it's a safe-mode problem. i'm not allowed to change any
php-parameters via local php.ini, .htaccess or set_***().
>
> Or if you are lazy, just move it to the same dir your execute your
> scripts from, this one certainly Is allowed. Your libraries will be
> visible form the net but thats a minor problem because they can't harm
> your server when executed directly.
to avoid this solution with all the risks, i suggest to add a constant like
PHPTAL_PHP_LIB_DIR. kornel lesinski indicated that he's thinking about to
include this solution (see Re: [PHPTAL] PHPTAL and Wordpress - CET
17.03.2008 11:21).
a tmp-dir constant is allready available. i have to use this option, because
/tmp is mostly unwriteable on webhosting-space (/tmp isn't quoteable).
i use following project-layout:
./extlib - for external libs like PHPTAL
./lib - my libs like controller and modell
./templates - for view-templates
./tmp - tmp/cache for libs (rights other -wx)
./index.html - redirect to index.php
./index.php - the one and only view world readable
./*** - css and images
extlib, lib, templates and tmp are secured by .htaccess
[CODE]
order deny,allow
deny from all
allow from localhost
[/CODE]
PUT and DELETE is denied by main .htaccess (secure tmp)
that works very fine on different webspaces, if all PHPTAL-files are patched
like in PHPTAL.php
[CODE]
57,61c57,61
< //{{{PHPTAL_PHP_LIB_DIR
< if (!defined('PHPTAL_PHP_LIB_DIR')){
< define('PHPTAL_PHP_LIB_DIR', '');
< }
< //}}}
---
> require_once 'PHPTAL/FileSource.php';
> require_once 'PHPTAL/RepeatController.php';
> require_once 'PHPTAL/Context.php';
> require_once 'PHPTAL/Exception.php';
> require_once 'PHPTAL/TalesRegistry.php';
63,67d62
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/FileSource.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/RepeatController.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/Context.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/Exception.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/TalesRegistry.php');
[/CODE]
inclusion is done by
[CODE]
$_DocRoot = explode("index.php", $_SERVER["SCRIPT_FILENAME"], 2);
$_DocRoot = $_DocRoot[0];
define(PHPTAL_PHP_CODE_DESTINATION, $_DocRoot.'tmp/');
define(PHPTAL_PHP_LIB_DIR, $_DocRoot.'extlib/phptal/');
require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL.php');
[/CODE]
so i think the main risks should be solved outside my code.
greetings, thomas mueller
>
> On Sun, Mar 16, 2008 at 5:26 PM, Thomas Müller <[EMAIL PROTECTED]> wrote:
>> hi,
>>
>> i have a problem with a webhosting server. this server has very restrictiv
>> rules. so i can't modify or override any php.ini rules and i have limited
>> htaccess syntax (only accept, deny, Auth*, etc), ...
>>
>> so all described path including ways won't work, like init_set,
>> set_include_path or php_value. i'd tried all.
>>
>> result was every time like that:
>> [CODE]
>> Warning: main() [function.main]: open_basedir restriction in effect.
>> File(/PHPTAL/FileSource.php) is not within the allowed path(s):
>> (/pathto/phptal-login/httpdocs:/tmp) in
>> /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>>
>> Warning: main(PHPTAL/FileSource.php) [function.main]: failed to open stream:
>> Die Operation ist nicht erlaubt in
>> /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>>
>> Fatal error: main() [function.require]: Failed opening required
>> 'PHPTAL/FileSource.php' (include_path='.:.:.:') in
>> /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>> [/CODE]
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> PHPTAL mailing list
>> PHPTAL@lists.motion-twin.com
>> http://lists.motion-twin.com/mailman/listinfo/phptal
_______________________________________________
PHPTAL mailing list
PHPTAL@lists.motion-twin.com
http://lists.motion-twin.com/mailman/listinfo/phptal
