Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.6
-
MOODLE_26_STABLE
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
w50_
MDL-43137_m27_openbasedir -
-
-
2
-
BACKEND Sprint 7
Description
Looking at lib/classes/component.php the function load_classes() makes a quick check that the $fulldir parameter is valid by calling is_dir($fulldir). Unfortunately, this breaks if open_basedir is enabled as it is checking paths like /classes which will trigger the open_basedir restriction and cause Moodle to fail.
Would it not be better to do a comparison with $CFG->dirroot to see if $fulldir looks like a valid, absolute path?
More details in https://moodle.org/mod/forum/discuss.php?d=244818.