Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Able to write to configuration file Question


Geoff Moses

Recommended Posts

Hello everyone!

 

On my osCommerce store I have a pink warning at the top that reads:

 

"Warning: I am able to write to the configuration file: /var/www/html/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

 

I've changed the chmod setting on the configure.php file to 644. And then to 444 like the installation documentation says to do. Yet I still receive this warning. I also have yet to password protect my admin folder, but I don't think that would have anything to do with this problem.

 

Can anyone suggest any possible reason why this could be occurring and how to fix it? Thankyou.

 

-Geoff

Link to comment
Share on other sites

Hello KGT!

 

I changed the code to:

 

// check if the configure.php file is writeable
if (WARN_CONFIG_WRITEABLE == 'true') {
 if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (substr(sprintf('%o', fileperms(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')), -4) != '0644' ) ) {
$messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE.'<br>'.substr(sprintf('%o', fileperms(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')), -4) , 'warning');
 }
}

 

This is the same as you mentioned in the other thread, with the exception of changing the not equal to to 644 instead off 444. This is because the warning seems to think the configure.php chmod is set to 644 regardless of what I set it to. Is there any issues doing this?

 

Thanks for the help!

 

-Geoff

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...