i'll PM you
i'll PM you
Thanks for that DrByte.. In the case of IH2, it turns out that Tim's code was written to make sure that a wider variety of hosting configurations could use it. At that time there were many hosting services that required "777" in order to make the file/folder "writable by Apache/PHP". Though some of these hosts are still out there, things have changed a bit since Tim's codebase was released..
On some hosts, the folders INSIDE the bmz_cache folder will be created with 777 permissions. While on some hosts the folders inside the bmz_cache will inherit permissions from the parent (which should hopefully be set at 755).
I've been informed that this difference likely has something to do with how PHP is implemented some hosts server.
After doing a little more digging, I discovered that this was the code which drives the directory creation:that is, whether it is running as an apache module
or
whether is run as CGI
Given that the majority or webhosts are now configured differently than when Tim wrote IH2 in 2006.. So it's possible that some of this code may be obsolete for current hosting configurations.Code:/** * Creates a directory hierachy. * * @link http://www.php.net/manual/en/function.mkdir.php * @author <[email protected]> * @author Andreas Gohr <[email protected]> * @author Tim Kroeger <[email protected]> */ function io_mkdir_p($target){ global $bmzConf; if (is_dir($target) || empty($target)) return 1; // best case check first if (@file_exists($target) && !is_dir($target)) return 0; //recursion if (io_mkdir_p(substr($target, 0, strrpos($target, '/')))){ if($bmzConf['safemodehack']){ $dir = preg_replace('/^' . preg_quote(realpath($bmzConf['ftp']['root']), '/') . '/', '', $target); return io_mkdir_ftp($dir); }else{ return @mkdir($target, 0755); // crawl back up & create dir tree } } return 0; }
The changes that I suggested are as follows:
Still testing, but I think this ought to resolve the issue and allow IH2 to work across most hosting configurations.Code:/** * Creates a directory hierachy. * * @link http://www.php.net/manual/en/function.mkdir.php * @author <[email protected]> * @author Andreas Gohr <[email protected]> * @author Tim Kroeger <[email protected]> */ function io_mkdir_p($target){ global $bmzConf; if (is_dir($target) || empty($target)) return 1; // best case check first if (@file_exists($target) && !is_dir($target)) return 0; //recursion if (io_mkdir_p(substr($target, 0, strrpos($target, '/')))){ /* if($bmzConf['safemodehack']){ $dir = preg_replace('/^' . preg_quote(realpath($bmzConf['ftp']['root']), '/') . '/', '', $target); return io_mkdir_ftp($dir); }else{*/ return @mkdir($target, 0755); // crawl back up & create dir tree // } } return 0; }
Would love your insight sir..
Last edited by DivaVocals; 24 Jul 2010 at 06:38 PM.
My Site - Zen Cart & WordPress integration specialist
I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.
It's worth a try.
Maybe McShane will volunteer to test it to prove that it's working satisfactorily?
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
i would be more than happy to test. In fact, if you wish i can create you a webspace on one of my servers, give you FTP access and you can play yourself?
just let me know, it will take 10 mins to set up.
(but please note, its almost 7pm in newcastle, fast approching beer o clock... try an let me know before 7 otherwise if you want to take me up on the offer it wil be 2moro)
Thanks.. I also asked ckosloff and a couple of other programmers to take a look at my proposed code changes.. I also have a few folks testing it as well..
The downside is that it's likely that older hosting configurations will not be able to use IH2 which is why we will likely just comment the code out (versus removing it altogether) This way those who need the original code can still use it (with a little instruction of course..)
My Site - Zen Cart & WordPress integration specialist
I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.
Instead of commenting out the code, you could find out where the bmz safemode flag is set, and change the rules for that to be most compatible across hosting environments.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Actually that safemode function is turned off by default and is never executed at all, and unless one is rooting around in the IH2 code, I don't think many know it's even there.. Which is why I commented it out.. It's a long forgotten buried feature Tim included for some hosting configurations:
From Tim's site:
There is NO reference to it in the IH2 readme file (not even the one Tim created that I started out with when I updated the IH2 readme file). I wouldn't have known about it except I was digging through the IH2 code.The safemodehack option tries to solve problems with creating and deleting server-created directories on servers having safe_mode or safe_mode_gid enabled. It is not thoroughly tested yet so any feedback is welcome.
To use it it has to be turned on, and the settings are in a configuration file:
and the safemode function code is here:Code:/* Safemode Hack */ /*$bmzConf['safemodehack'] = 0; //read http://wiki.breakmyzencart.com/zen-cart:safemodehack ! $bmzConf['ftp']['host'] = 'localhost'; $bmzConf['ftp']['port'] = '21'; $bmzConf['ftp']['user'] = 'user'; $bmzConf['ftp']['pass'] = 'password'; $bmzConf['ftp']['root'] = DIR_FS_CATALOG;*/
We're toying with the idea of simply commenting out all of this code because it applies to hosting configurations that are in the serious minority.. However for the FEW hosts that still need this safemode hack the code will still be available..Code:/** * Creates a directory using FTP * This is used when the safemode workaround is enabled * @author <[email protected]> */ function io_mkdir_ftp($dir){ global $messageStack; global $bmzConf; if(!function_exists('ftp_connect')){ $messageStack->add("FTP support not found - safemode workaround not usable", "error"); return false; } $conn = @ftp_connect($bmzConf['ftp']['host'], $bmzConf['ftp']['port'], 10); if(!$conn){ $messageStack->add("FTP connection failed", "error"); return false; } if(!@ftp_login($conn, $bmzConf['ftp']['user'], $bmzConf['ftp']['pass'])){ $messageStack->add("FTP login failed", "error"); return false; } //create directory $ok = @ftp_mkdir($conn, $dir); //set permissions (using the directory umask) @ftp_site($conn, sprintf("CHMOD %04o %s", (0777 - $bmzConf['dmask']), $dir)); @ftp_close($conn); return $ok; }
Your thoughts.. Should we approach this differently??
My Site - Zen Cart & WordPress integration specialist
I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.
Safe Mode is highly discouraged and will no longer even exist in PHP 6.
I see no reason not to drop support for it altogether. Anyone using such old hosting that requires safe mode shouldn't be running an ecommerce site on that hosting service anyway.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
My thoughts exactly.. ckosloff seems to be erring on the side of caution.. I want to disable the safemode function, by commenting it out. Though I am not opposed to simply deleting the code a together and simply adding a line to the readme that indicates hosting setups that will NOT be able to use IH2..
So I'm am waiting for feedback from the code gurus who I have asked to look at this.. Plus I am waiting for feedback from my testers.. (My testing on my own servers is all good..) Then I can wrap this all up and get it resubmitted..
Thanks again for your input!
Last edited by DivaVocals; 24 Jul 2010 at 08:07 PM.
My Site - Zen Cart & WordPress integration specialist
I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.
Bookmarks