Opened 16 years ago

Last modified 16 years ago

#1906 closed Bug

PHP connector in filemanager should have better error checking — at Initial Version

Reported by: Kyle
Owned by:
Priority: Normal
Milestone: FCKeditor 2.6
Component: Server : PHP
Version: FCKeditor 2.5
Keywords: Confirmed Review+
Cc:

Description

The PHP connector's DetectHtml function does no error checking to make sure that the file was opened or read correctly. This causes a cascade of errors on systems with the PHP open_basedir set to disallow opening of files in the temporary file-upload directory. See the forum post http://www.fckeditor.net/forums/viewtopic.php?f=6&t=8619.

In the file 'editor/filemanager/connectors/php/util.php', starting on line 87, is the DetectHtml function.

Original:

function DetectHtml( $filePath )
{
	$fp = fopen( $filePath, 'rb' ) ;
	$chunk = fread( $fp, 1024 ) ;
	fclose( $fp ) ;

With improved error checking, it should be something like this...

function DetectHtml( $filePath )
{
	$fp = fopen( $filePath, 'rb' ) ;
	if ( $fp !== false )
	{
		$chunk = fread( $fp, 1024 ) ;
		if ( $chunk === false )
		{
			$chunk = '' ;
		}
		fclose( $fp ) ;
	}
	else
	{
		$chunk = '' ;
	}

I'm not sure whether it would be better to return TRUE or FALSE in the case of being unable to open and/or read the file. I leave it to the security experts to debate that.
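The open question in this ticket is what the check should report when the upload cannot be read at all. The following is an added example, not code from the ticket or from FCKeditor, that makes that choice an explicit parameter. The names readHeadChunk and DetectHtmlChecked, the short tag list, and the fail-closed default (an unreadable file is treated as HTML so the upload is rejected) are assumptions of this example.

```php
<?php
// Added example: hypothetical helpers, not FCKeditor's implementation.

// Return the first $len bytes of the file, or null if it cannot be opened or read.
function readHeadChunk( $filePath, $len = 1024 )
{
	// '@' hides the E_WARNING that fopen() raises when open_basedir blocks the
	// path; the failure is reported through the return value instead.
	$fp = @fopen( $filePath, 'rb' ) ;
	if ( $fp === false )
		return null ;

	$chunk = fread( $fp, $len ) ;
	fclose( $fp ) ;

	return ( $chunk === false ) ? null : $chunk ;
}

// Return true if the start of the file looks like HTML.
// $onError is the answer given when the file is unreadable:
// true = fail closed (caller rejects the upload), false = fail open.
function DetectHtmlChecked( $filePath, $onError = true )
{
	$chunk = readHeadChunk( $filePath ) ;
	if ( $chunk === null )
	{
		// Record the failure so an open_basedir misconfiguration is visible.
		error_log( 'DetectHtmlChecked: cannot read ' . $filePath ) ;
		return $onError ;
	}

	// Simplified stand-in for the real tag detection (assumption).
	$chunk = strtolower( $chunk ) ;
	foreach ( array( '<html', '<body', '<script', '<iframe' ) as $tag )
	{
		if ( strpos( $chunk, $tag ) !== false )
			return true ;
	}
	return false ;
}

// Constructed sample inputs: an HTML-bearing file, a plain file, a missing file.
$tmp = tempnam( sys_get_temp_dir(), 'upl' ) ;
file_put_contents( $tmp, 'GIF89a<script>/* constructed */</script>' ) ;
var_dump( DetectHtmlChecked( $tmp ) ) ;
file_put_contents( $tmp, 'plain text upload' ) ;
var_dump( DetectHtmlChecked( $tmp ) ) ;
unlink( $tmp ) ;
var_dump( DetectHtmlChecked( $tmp ) ) ;        // unreadable, fail closed
var_dump( DetectHtmlChecked( $tmp, false ) ) ; // unreadable, fail open
```

With the fail-open setting, an unreadable temporary file passes the HTML check without ever being inspected, which is the case the default is chosen to avoid.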
