Chyrp是个轻量级的CMS/Blog平台,可以用来在小项目和低配置机器上替代Wordpress。但是在设置了Safe Mode的平台上安装时,会遇到一些问题,需要手动调整。
Warning: glob() has been disabled for security reasons in /root_dir/chyrp_dir/includes/class/Theme.php on line 200
这是最严重的问题,系统设置禁用了glob函数,Chyrp无法获取当前目录下文件列表,会造成sytesheets路径出问题,页面显示不正常。解决方法是在chyrp_dir/include中创建文件sec_glob.php,内容为
<?php
/**#@+
* Extra GLOB constant for safe_glob()
*/
define('GLOB_NODIR',256);
define('GLOB_PATH',512);
define('GLOB_NODOTS',1024);
define('GLOB_RECURSE',2048);
/**#@-*/
/**
* A safe empowered glob().
*
* Function glob() is prohibited on some server (probably in safe mode)
* (Message "Warning: glob() has been disabled for security reasons in
* (script) on line (line)") for security reasons as stated on:
* http://seclists.org/fulldisclosure/2005/Sep/0001.html
*
* safe_glob() intends to replace glob() using readdir() & fnmatch() instead.
* Supported flags: GLOB_MARK, GLOB_NOSORT, GLOB_ONLYDIR
* Additional flags: GLOB_NODIR, GLOB_PATH, GLOB_NODOTS, GLOB_RECURSE
* (not original glob() flags)
* @author BigueNique AT yahoo DOT ca
* @updates
* - 080324 Added support for additional flags: GLOB_NODIR, GLOB_PATH,
* GLOB_NODOTS, GLOB_RECURSE
*/
function safe_glob($pattern, $flags=GLOB_PATH) {
$split=explode('/',str_replace('\\','/',$pattern));
$mask=array_pop($split);
$path=implode('/',$split);
if (($dir=@opendir($path))!==false) {
$glob=array();
while(($file=readdir($dir))!==false) {
// Recurse subdirectories (GLOB_RECURSE)
if( ($flags&GLOB_RECURSE) && is_dir($file) && (!in_array($file,array('.','..'))) )
$glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
($flags&GLOB_PATH?'':$file.'/')));
// Match file mask
if (fnmatch($mask,$file)) {
if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
&& ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
&& ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
$glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
}
}
closedir($dir);
if (!($flags&GLOB_NOSORT)) sort($glob);
return $glob;
} else {
return false;
}
}
/**
* A better "fnmatch" alternative for windows that converts a fnmatch
* pattern into a preg one. It should work on PHP >= 4.0.0.
* @author soywiz at php dot net
* @since 17-Jul-2006 10:12
*/
if (!function_exists('fnmatch')) {
function fnmatch($pattern, $string) {
return @preg_match('/^' . strtr(addcslashes($pattern, '\\.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i', $string);
}
}
?>
编辑chyrp_dir/include/Theme.php,在代码最前面加入
require_once("sec_glob.php");
查找并替换所有glob为safe_glob。对于其它不重要的函数调用可以通过给函数名前加@关闭警告信息,如替换opendir为@opendir即可。
