1
This is a (sanitized) messages log from my webserver:
Line 83 of init_basic.php shows the $GALLERY_BASEDIR variable is replaced by an external URL at runtime. These external references vary each time. My knowledge of PHP is limited: I cannot figure out which code is responsible for the value of this variable at runtime. I am stuck.
Am I looking at the same hack situation?
If it is: The hack does not seem to have any consequences: I can not find strange files inside the xoopsgallery directory structure. May be turning off URL file-access in the servers PHP configuration disables the hack. Other posiblity may be the hack check in each php file should be extended (it validates empty $GALLERY_BASEDIR variables) to make sure it is pointing to the local XOOPS installation.
If I can be of any help, please let me know.
EE99
Jan 6 18:06:47 httpd: PHP Warning: main(): URL file-access is disabled in the server configuration in /..../modules/xoopsgallery/init_basic.php on line 83
Jan 6 18:06:47 httpd: PHP Warning: main(http://kamekfm.org/test.txt???platform/fs_unix.php): failed to open stream: no suitable wrapper could be found in ../modules/xoopsgallery/init_basic.php on line 83
Jan 6 18:06:47 httpd: PHP Fatal error: main(): Failed opening required 'http://kamekfm.org/test.txt???platform/fs_unix.php' (include_path='.:/usr/share/pear-addons:/usr/share/pear') in ../modules/xoopsgallery/init_basic.php on line 83
Line 83 of init_basic.php shows the $GALLERY_BASEDIR variable is replaced by an external URL at runtime. These external references vary each time. My knowledge of PHP is limited: I cannot figure out which code is responsible for the value of this variable at runtime. I am stuck.
Am I looking at the same hack situation?
If it is: The hack does not seem to have any consequences: I can not find strange files inside the xoopsgallery directory structure. May be turning off URL file-access in the servers PHP configuration disables the hack. Other posiblity may be the hack check in each php file should be extended (it validates empty $GALLERY_BASEDIR variables) to make sure it is pointing to the local XOOPS installation.
If I can be of any help, please let me know.
EE99
