View Issue Details

IDProjectCategoryView StatusLast Update
0000458WackoWikisecuritypublic2017-08-31 09:36
ReporterCodeFetch Assigned Toadministrator  
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version5.4.0 
Target Version5.5.0Fixed in Version5.5.0 
Summary0000458: Check whether opendir() was successful
DescriptionHi folks,

WackoWiki is really a great tool, but it was utmost frustrating to getting it running properly.

This issue concerns the stable, testing and the development branch.
I really don't like Sourceforge, neither do I like that this shitty bugtracker system doesn't even have TLS... So sorry for not committing the patch.

Why is it a security concern? Because this can easily cause extreme load on the server by simply doing many requests which can even render the server unusuable.


You often do something like that when working with opendir:

                $directory = $this->config['cache_dir'].CACHE_PAGE_DIR;
                $handle = opendir(rtrim($directory, '/'));

                while (false !== ($file = readdir($handle)))
                {
                    if (is_file($directory.$file) &&
                    ((time() - @filemtime($directory.$file)) > $ttl))
                    {
                        @unlink($directory.$file);
                    }
                }

Minor beginner PHP mistake

The problem with that is, that you do a readdir($handle) before ever having checked whether the opendir() was successful.
What if the directory doesn't even exist or file permissions are set incorrectly???
As this part of the code is being executed at random times only, due to "$this->get_micro_time() % 3" you have a really, really annoying bug.

The simple fix is to only do the while-loop and the dirclose() if opendir() was successful:
                // delete from fs
                clearstatcache();

                $directory = rtrim($this->config['cache_dir'].CACHE_PAGE_DIR, '/');

                if($handle = opendir($directory))
                {
                    while (false !== ($file = readdir($handle)))
                    {
                        if (is_file($directory.$file) &&
                        ((time() - @filemtime($directory.$file)) > $ttl))
                        {
                            @unlink($directory.$file);
                        }
                    }

                    closedir($handle);
                }


Look at the example on http://php.net/manual/en/function.readdir.php

You did everything exactly the same way (even variable-naming), but forgot the if($handle = opendir("bla"))...

Greetz,
CodeFetch
Steps To ReproduceJust delete the subdirs in _cache and reload one of the WackoWiki-pages several times. An Error 500 or maybe "Max execution time exceeded" will be thrown depending on your server config.

Sometimes you need to reload the page very often to see this issue, as it is triggered randomly due to those lines:

if (!($this->get_micro_time() % 3))
{
    
    $this->maintenance();
}
Additional InformationPlease switch to Github.

-> Mercurial: https://bitbucket.org/wackowiki/wackowiki-dev/overview
TagsNo tags attached.

Activities

administrator

2016-04-25 08:03

administrator   ~0000962

https://sourceforge.net/p/wackowiki/dev/ci/933878ddec4cf1f7679b4b2ea7655ab05cad2933

Please check and improve the patch.

Issue History

Date Modified Username Field Change
2016-04-25 03:17 CodeFetch New Issue
2016-04-25 07:19 administrator Status new => confirmed
2016-04-25 07:19 administrator Product Version => 5.4.0
2016-04-25 07:19 administrator Target Version => 5.5.0
2016-04-25 07:19 administrator Steps to Reproduce Updated
2016-04-25 07:19 administrator Additional Information Updated
2016-04-25 08:03 administrator Note Added: 0000962
2016-04-25 08:07 administrator Summary Minor beginner PHP mistake => Check whether opendir() was successful
2016-04-25 08:07 administrator Description Updated
2016-05-03 14:45 administrator Assigned To => administrator
2016-05-03 14:45 administrator Status confirmed => resolved
2016-05-03 14:45 administrator Resolution open => fixed
2016-05-03 14:45 administrator Fixed in Version => 5.5.0
2016-09-21 09:18 administrator Fixed in Version 5.5.0 => 5.5.rc2
2017-08-31 09:36 administrator Fixed in Version 5.5.rc2 => 5.5.0