Thanks for that DrByte.. In the case of IH2, it turns out that Tim's code was written to make sure that a wider variety of hosting configurations could use it. At that time there were many hosting services that required "777" in order to make the file/folder "writable by Apache/PHP". Though some of these hosts are still out there, things have changed a bit since Tim's codebase was released..
On some hosts, the folders INSIDE the bmz_cache folder will be created with 777 permissions. While on some hosts the folders inside the bmz_cache will inherit permissions from the parent (which should hopefully be set at 755).
I've been informed that this difference likely has something to do with how PHP is implemented some hosts server.
that is, whether it is running as an apache module
or
whether is run as CGI
After doing a little more digging, I discovered that this was the code which drives the directory creation:
Code:
/**
* Creates a directory hierachy.
*
* @link http://www.php.net/manual/en/function.mkdir.php
* @author <[email protected]>
* @author Andreas Gohr <[email protected]>
* @author Tim Kroeger <[email protected]>
*/
function io_mkdir_p($target){
global $bmzConf;
if (is_dir($target) || empty($target)) return 1; // best case check first
if (@file_exists($target) && !is_dir($target)) return 0;
//recursion
if (io_mkdir_p(substr($target, 0, strrpos($target, '/')))){
if($bmzConf['safemodehack']){
$dir = preg_replace('/^' . preg_quote(realpath($bmzConf['ftp']['root']), '/') . '/', '', $target);
return io_mkdir_ftp($dir);
}else{
return @mkdir($target, 0755); // crawl back up & create dir tree
}
}
return 0;
}
Given that the majority or webhosts are now configured differently than when Tim wrote IH2 in 2006.. So it's possible that some of this code may be obsolete for current hosting configurations.
The changes that I suggested are as follows:
Code:
/**
* Creates a directory hierachy.
*
* @link http://www.php.net/manual/en/function.mkdir.php
* @author <[email protected]>
* @author Andreas Gohr <[email protected]>
* @author Tim Kroeger <[email protected]>
*/
function io_mkdir_p($target){
global $bmzConf;
if (is_dir($target) || empty($target)) return 1; // best case check first
if (@file_exists($target) && !is_dir($target)) return 0;
//recursion
if (io_mkdir_p(substr($target, 0, strrpos($target, '/')))){
/* if($bmzConf['safemodehack']){
$dir = preg_replace('/^' . preg_quote(realpath($bmzConf['ftp']['root']), '/') . '/', '', $target);
return io_mkdir_ftp($dir);
}else{*/
return @mkdir($target, 0755); // crawl back up & create dir tree
// }
}
return 0;
}
Still testing, but I think this ought to resolve the issue and allow IH2 to work across most hosting configurations.
Would love your insight sir..

Originally Posted by
DrByte
No, I didn't say that.
Some mods, including some of the most popular ones, require "writable" folders. That's not necessarily bad. Even Zen Cart itself requires some writable files/folders for normal operation such as the admin uploading product images, and so on. There's nothing wrong with a mod requiring writable files/folders if there's good reason for it. Granted, where possible that should be avoided, but it's not a reason to call it naughty.
In the case of your fears, what's bad is using a hosting service that requires "777" in order to make the file/folder "writable by Apache/PHP" instead of being able to use a lower permission level to accomplish the same thing.
I'm not sure why you're bent on declaring all mods bad for some reason.