|
|
Posted by starman7 on 03/21/07 15:17
On Mar 19, 5:43 am, "Vince Morgan" <vin...@REMOVEoptusnet.com.au>
wrote:
> "starman7" <starm...@hotmail.com> wrote in message
>
> news:1174276558.004984.145320@l75g2000hse.googlegroups.com...
>
> > On Mar 18, 8:42 pm, "Vince Morgan" <vin...@REMOVEoptusnet.com.au>
> > wrote:
> > > "Vince Morgan" <vin...@REMOVEoptusnet.com.au> wrote in message
>
> > >news:45fde317$0$4753$afc38c87@news.optusnet.com.au...
>
> > > > >if ( strpos($config_content, 'dbuser') && (substr($config_content, 0,
> > > > >5) != '<?php' || substr($config_content, -2) != '?>') )
> > > > {
> > Thanks for the insight. The application works without that code block
> > - so I'm guessing the config file gets loaded despite the reported
> > problem.
>
> Yep, you are correct. There is no "return" or "exit" so the script should
> keep on running after the message.
>
>
>
> > Here's my actual config file:
>
> > <?php
>
> > //
> > // phpBB 2.x auto-generated config file
> > // Do not change anything in this file!
> > //
>
> > $dbms = 'mysql4';
>
> > $dbhost = '127.0.0.1';
> > $dbname = '1234567';
> > $dbuser = '12345678';
> > $dbpasswd = '123456789';
>
> > $table_prefix = 'phpbb_';
>
> > define('PHPBB_INSTALLED', true);
>
> > ?>
>
> What is being checked in the "if" condition is of three parts.
> First it checks for a substring "dbuser". The function "strpos()" returns
> FALSE if the substring in question is not found, but it does exist in the
> file apparently.
> If it did not exist then the first condition "strpos($config_content,
> 'dbuser')" returning FALSE would cause the entire condition to return FALSE,
> as the AND "&&" opperator does not bother evaluating any further if the
> first part is FALSE.
>
> In the second part. If the first five chars of the file are not "<?php"
> [minuse the quotes] or, the last two chars are not "?>" then the entire
> condition evaluates as TRUE. If the condition as a whole returns TRUE you
> get the message.
>
> It could be written as below, and still work.
> if ( strpos($config_content, 'dbuser') AND (substr($config_content, 0, 5)
> != '<?php' OR substr($config_content, -2) != '?>') )
>
> > any ideas why the code complains about it?
>
> I think the problem is discovered in the second part of the condition.
> That will evaluate as TRUE if the first 5 chars are not exactly "<?php", OR
> if the last 2 chars are not exactly"?>".
> A space in either part would cause the message to be output.
> That is where I would be looking with regard to the above.
>
> > i've tried even moving everything to one line, but always seem to get
> > the error (unless i remove that block) - might this code be evaluated
> > for some reason unintended by the author's warning?
>
> Can't help you there.
>
> >might removing
> > this code decrease the app's security?
>
> Don't know.
>
> i should mention the
>
> > environment is selinux - which requires specific/enhanced
> > permissions ... not sure if that's relevant given the above info ...
>
> Nope, can't see that being the case.
>
> If the first five chars are "<?php" and the last are "?>" including hidden
> characters, I would be lost too.
> If the var that the file was loaded into was empty the first part of the
> condition would evaluate as FALSE and you wouldn't see the message.
> I would be making absolutely certain the the file begins with "<?php" and
> ends with "?>". No line break or spaces whatsoever either before the first
> part, or after the last part.
>
> I believe you have a hidden character, or a line break, or space after the
> "?>"
>
> HTH
> Vince Morgan
thanks vince -
actually there seems to be an invisible space after the ending >
but i can't see it - when i echo substr($config_content, -2) it's '>
' (single quotes to indicate trailing space).
how can i get rid of? why does it pass ** dbloader test? could the
space be coming from outside the file?
** dbloader is a php page that tests the config file (among other
things) and reports it as ok
Navigation:
[Reply to this message]
|