From 29c92d7b080152bfc8c60b90c185e2faab2a6bbb Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 23 Jan 2016 12:13:03 +0300 Subject: [PATCH] prevent frontend updating of feeds on view if open_basedir is set to prevent plugins potentially not working correctly (i.e. if backend system has open_basedir disabled) --- classes/api.php | 4 +++- classes/feeds.php | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/classes/api.php b/classes/api.php index c3ea627fd..9be04cff9 100644 --- a/classes/api.php +++ b/classes/api.php @@ -416,7 +416,9 @@ class API extends Handler { $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]); - update_rss_feed($feed_id, true); + if (!ini_get("open_basedir")) { + update_rss_feed($feed_id, true); + } $this->wrap(self::STATUS_OK, array("status" => "OK")); } diff --git a/classes/feeds.php b/classes/feeds.php index eff66dda6..cb1b032d1 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -166,7 +166,7 @@ class Feeds extends Handler_Protected { $method_split = explode(":", $method); - if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) { + if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed) && !ini_get("open_basedir")) { // Update the feed if required with some basic flood control $result = $this->dbh->query(