Moodle

check_dir_exists in safe_mode is buggy

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.8.2
  • Fix Version/s: 1.8.4, 1.9, 2.0
  • Component/s: Backup
  • Labels:
    None
  • Environment:
    Linux (Debian Etch), Apache 2.2.3-4+etch1, PHP5 5.2.0-8+etch7 with safe_mode turned on
  • Affected Branches:
    MOODLE_18_STABLE
  • Fixed Branches:
    MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE

Description

When using safe_mode the is_dir() function might return a wrong result. My Moodle files are owned by www-data, the CFG->moodledata is in /var/local/moodledata. When checking is_dir('/var/') (like in lib/moodlelib.php:6771) PHP returns boolean(false); /var/ is owned by root and thus PHP returns false (for security reasons?!?). This results in errors when importing a course into another.

It might be better to strip off the CFG->moodledata before recursively checking and creating directories. This directory should already exist anyway when calling this method. It even saves some execution time.

Strip off CFG->moodledata (there might be another way that is more foolproof, this is just a quick workaround):

$dir = str_replace($CFG->dataroot.'/', '', $dir);

Start with $dir = CFG->dataroot:

$dir = $CFG->dataroot.'/';

See the patch for more information.

Issue Links

This issue has a non-specific relationship to:
MDL-11912 Course Backups fails when including user files Critical Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

many other parts break in safe mode, I do not think it is supported officially when running moodle with safe mode enabled, is it Eloy?

Show
Petr Škoda (skodak) added a comment - many other parts break in safe mode, I do not think it is supported officially when running moodle with safe mode enabled, is it Eloy?
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

AFAIK safe_mode isn't supported at all. And practically all filesystem operations can fail (potentially) under that mode. It has been a lot of discussions in forums about that...

In the other side, current implementation of the check_dir_exists() trying the recursive way from "/" looks a bit ugly and perhaps it would be a good idea to make it to work starting from $CFG->dataroot (I think we don't write anything out from there) as suggested. I think it won't break anything (the $CFG->dataroot directory itself is created at install without using that function).

Although I think that you'll find more problems with that mode...

Ciao

Show
Eloy Lafuente (stronk7) added a comment - AFAIK safe_mode isn't supported at all. And practically all filesystem operations can fail (potentially) under that mode. It has been a lot of discussions in forums about that... In the other side, current implementation of the check_dir_exists() trying the recursive way from "/" looks a bit ugly and perhaps it would be a good idea to make it to work starting from $CFG->dataroot (I think we don't write anything out from there) as suggested. I think it won't break anything (the $CFG->dataroot directory itself is created at install without using that function). Although I think that you'll find more problems with that mode... Ciao
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

This has been applied to 18_STABLE, 19_STABLE and HEAD.

Thanks!

Closing...ciao

Show
Eloy Lafuente (stronk7) added a comment - This has been applied to 18_STABLE, 19_STABLE and HEAD. Thanks! Closing...ciao

People

Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.