thanks for your response and sorry for my delayed one.

Krzysztof Sikorski schrieb:
> The problem is not in your include path but in basedir path. You
> probably uploaded your phptal libraries into a directory that is
> forbidden for your scripts. Try running
> ini_get('open_basedir');
> to check what dir is allowed and then move your libraries into that
> dir or one of its subdirs.
as i wrote, it's a safe-mode problem. i'm not allowed to change any
php-parameters via local php.ini, .htaccess or set_***().

> Or if you are lazy, just move it to the same dir your execute your
> scripts from, this one certainly Is allowed. Your libraries will be
> visible form the net but thats a minor problem because they can't harm
> your server when executed directly.
to avoid this solution with all the risks, i suggest to add a constant like
PHPTAL_PHP_LIB_DIR. kornel lesinski indicated that he's thinking about to
include this solution (see Re: [PHPTAL] PHPTAL and Wordpress - CET
17.03.2008 11:21).

a tmp-dir constant is allready available. i have to use this option, because
/tmp is mostly unwriteable on webhosting-space (/tmp isn't quoteable).

i use following project-layout:
./extlib - for external libs like PHPTAL
./lib - my libs like controller and modell
./templates - for view-templates
./tmp - tmp/cache for libs (rights other -wx)
./index.html - redirect to index.php
./index.php - the one and only view world readable
./*** - css and images

extlib, lib, templates and tmp are secured by .htaccess
order deny,allow
deny from all
allow from localhost

PUT and DELETE is denied by main .htaccess (secure tmp)

that works very fine on different webspaces, if all PHPTAL-files are patched
like in PHPTAL.php
< if (!defined('PHPTAL_PHP_LIB_DIR')){
<     define('PHPTAL_PHP_LIB_DIR', '');
< }
< //}}}
> require_once 'PHPTAL/FileSource.php';
> require_once 'PHPTAL/RepeatController.php';
> require_once 'PHPTAL/Context.php';
> require_once 'PHPTAL/Exception.php';
> require_once 'PHPTAL/TalesRegistry.php';
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/FileSource.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/RepeatController.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/Context.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/Exception.php');
< require_once(PHPTAL_PHP_LIB_DIR.'PHPTAL/TalesRegistry.php');

inclusion is done by
$_DocRoot = explode("index.php", $_SERVER["SCRIPT_FILENAME"], 2);
$_DocRoot = $_DocRoot[0];
define(PHPTAL_PHP_CODE_DESTINATION, $_DocRoot.'tmp/');
define(PHPTAL_PHP_LIB_DIR, $_DocRoot.'extlib/phptal/');

so i think the main risks should be solved outside my code.

greetings, thomas mueller

> On Sun, Mar 16, 2008 at 5:26 PM, Thomas Müller <[EMAIL PROTECTED]> wrote:
>> hi,
>>  i have a problem with a webhosting server. this server has very restrictiv
>>  rules. so i can't modify or override any php.ini rules and i have limited
>>  htaccess syntax (only accept, deny, Auth*, etc), ...
>>  so all described path including ways won't work, like init_set,
>>  set_include_path or php_value. i'd tried all.
>>  result was every time like that:
>>  [CODE]
>>  Warning: main() [function.main]: open_basedir restriction in effect.
>>  File(/PHPTAL/FileSource.php) is not within the allowed path(s):
>>  (/pathto/phptal-login/httpdocs:/tmp) in
>>  /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>>  Warning: main(PHPTAL/FileSource.php) [function.main]: failed to open stream:
>>  Die Operation ist nicht erlaubt in
>>  /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>>  Fatal error: main() [function.require]: Failed opening required
>>  'PHPTAL/FileSource.php' (include_path='.:.:.:') in
>>  /pathto/phptal-login/httpdocs/extlib/phptal/PHPTAL.php on line 57
>>  [/CODE]
>> ------------------------------------------------------------------------
>> _______________________________________________
>> PHPTAL mailing list
>> PHPTAL@lists.motion-twin.com
>> http://lists.motion-twin.com/mailman/listinfo/phptal

PHPTAL mailing list

Reply via email to