id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc 1906,PHP connector in filemanager should have better error checking,Kyle,Wiktor Walc,"The PHP connector DetectHTML function does no error checking to make sure that the file was opened or read correctly. This causes a cascade of errors on systems with the PHP open_basedir set to disallow opening of files in the temporary file-upload directory. See the forums post [http://www.fckeditor.net/forums/viewtopic.php?f=6&t=8619]. In the file 'editor/filemanager/connectors/php/util.php' starting on line 87 is the DetectHTML function. Original: {{{ function DetectHtml( $filePath ) { $fp = fopen( $filePath, 'rb' ) ; $chunk = fread( $fp, 1024 ) ; fclose( $fp ) ; }}} With improved error checking, it should be something like this... {{{ function DetectHtml( $filePath ) { $fp = fopen( $filePath, 'rb' ) ; if ( $fp !== false ) { $chunk = fread( $fp, 1024 ) ; if ( $chunk === false ) { $chunk = ''; } fclose( $fp ) ; } else { $chunk = ''; } }}} I'm not sure whether it would be better to return TRUE or FALSE in the case of being unable to open and/or read the file. I leave it to the security experts to debate that. == == ",Bug,closed,Normal,FCKeditor 2.6,Server : PHP,FCKeditor 2.5,fixed,Confirmed Review+,