Zikula Community

• Arthens
  
  

  • Rank: Developer
  • Registered: Mar 29, 2005
  • Last visit: Mar 13, 2010
  • Posts: 228

  Posted: Aug 14, 2007 - 03:16 AM

  I have a problem with the Security Analyzer Warnings, but I don't know if it is a bug or a bad server configuration.
  
  I have uploaded 2 differents snapshot to my production linux server (it sounds so serious... ) and I get the same error:
  Configuration file 'config/config.php' is writable, but should be read-only (644 or 444).
  but config/config.php is 444!
  
  On my local linux server I haven't the problem, so I suppose it's a different server configuration (it's a shared server, I don't know what should be or what I can do).
  
  My question:
  - is it a bug?
  - if not, can I disable that check? The customer wouldn't be happy to see the error.
  
  Thanks, Giacomo
  
  --
  Zikula Italia
  SimpleGallery

  • 
  •  
• **unknown user**
  
  

  • Rank: Helper
  • Registered: Mar 16, 2002
  • Last visit: May 18, 2010
  • Posts: 985

  Posted: Aug 16, 2007 - 12:35 PM

  Probably your shared server is running PHP as CGI [to find out looping scripts].
  try a .htaccess file to get rid of that warning, if you can't connet to your website anymore, it's probably that [delete the .thaccess file].
  Solutions... not sure:
  
  1. the admin template where that errors pops up and delete that line
  2. you can get in touch with that host
  
  I'm only speaking from experience, there might be other solutions, but those or the only ones I know of so far.
  
  - Igor

  • 
  •  
• Landseer
  
  

  • Rank: Team Member
  • Registered: Jan 02, 2003
  • Last visit: Oct 21, 2009
  • Posts: 800

  Posted: Aug 16, 2007 - 07:51 PM

  I can remember this also pops up when a server is based on Windows instead of Linux as the permission checks do not really work in that environment (PHP/Win problem).
  
  
  
  --
  "He is not dangerous, he just wants to play...."

  • 
  •  
• markwest
  
  

  • Rank: Team Member
  • Registered: Mar 18, 2002
  • Last visit: Oct 21, 2009
  • Posts: 6606

  Posted: Aug 16, 2007 - 08:36 PM

  A template override in your theme (or in the config directory) would probably been the best way to eliminate these if the server configuration prevents it.
  
  -Mark
  
  --
  Visit My homepage and Zikula themes.

  • 
  •  
• Arthens
  
  

  • Rank: Developer
  • Registered: Mar 29, 2005
  • Last visit: Mar 13, 2010
  • Posts: 228

  Posted: Aug 17, 2007 - 02:26 AM

  videokid

  Probably your shared server is running PHP as CGI

  
  
  Yes
  
  
  

  markwest

  A template override in your theme (or in the config directory) would probably been the best way to eliminate these if the server configuration prevents it.
  
  -Mark

  
  
  Done.
  
  Thanks, Giacomo
  
  --
  Zikula Italia
  SimpleGallery

  • 
  •  
• jaenosjelantru
  
  

  • Rank: Moderator
  • Registered: Mar 15, 2005
  • Last visit: May 30, 2010
  • Posts: 1077

  Posted: Jun 08, 2008 - 05:25 PM

  I'm tired of seeing this warning because of my silly host.
  
  Where would I put this in my theme?
  
  /themename/templates/modules/Admin/admin_admin_securityanalyzer.htm
  
  Because Admin is in system now, will the above work?

  • 
  •  
• jaenosjelantru
  
  

  • Rank: Moderator
  • Registered: Mar 15, 2005
  • Last visit: May 30, 2010
  • Posts: 1077

  Posted: Jun 08, 2008 - 05:34 PM

  GG retard - I just did it and it worked.
  
  
  So for all those searching in the future, who use HostGator, do the following:
  
  
  Create a Folder called Admin in your themes template/modules folder such as:
  
  
  /Andreas37/templates/modules/Admin
  
  
  Copy the /system/Admin/admin_admin_securityanalyzer.htm file to the previous folder.
  
  
  edit the admin_admin_securityanalyzer.htm file on lines 3 and 8-10. The top of the file should look like this before:
  
  
  

  Code

  <!--[*  $Id: news_user_article.htm 23915 2008-03-09 10:40:46Z rgasch $  *]-->
  <!--[securityutil_checkpermission_block component='::' instance='::' level=ACCESS_ADMIN]-->
  <!--[if $magic_quotes_gpc or $register_globals or $config_php or !$scactive or !$pntemp_htaccess or $upgrade_php or $legacy_mode or !$safehtml or !$scactive or (!$scenabled and $scactive)]-->
  <div id="pn-securityanalyzer">
  <h2><!--[pnml name=_ADMIN_PNSECURITYANALYZER]--></h2>
  <ul>
  <!--[if $config_php]-->
  <li><!--[pnml name=_ADMIN_CONFIG_PHP html=1]--></li>
  <!--[/if]-->
  <!--[if $upgrade_php]-->
  <li><!--[pnml name=_ADMIN_UPGRADE_PHP html=1]--></li>
  <!--[/if]-->
  ...

  
  
  And it should look like this afterwards:
  
  

  Code

  <!--[*  $Id: news_user_article.htm 23915 2008-03-09 10:40:46Z rgasch $  *]-->
  <!--[securityutil_checkpermission_block component='::' instance='::' level=ACCESS_ADMIN]-->
  <!--[if $magic_quotes_gpc or $register_globals or !$scactive or !$pntemp_htaccess or $upgrade_php or $legacy_mode or !$safehtml or !$scactive or (!$scenabled and $scactive)]-->
  <div id="pn-securityanalyzer">
  <h2><!--[pnml name=_ADMIN_PNSECURITYANALYZER]--></h2>
  <ul>
  <!--[if $upgrade_php]-->
  <li><!--[pnml name=_ADMIN_UPGRADE_PHP html=1]--></li>
  <!--[/if]-->
  ...

  
  
  
  I hope that's right; it worked for me.
  
  
  
  edited by: jaenosjelantru, Jun 08, 2008 - 11:34 PM

  • 
  •  
•  
•  

Users on-line

• mesteele101

This list is based on users active over the last 60 minutes.