WordPress.org

Ready to get started?Download WordPress

Forums

What if ../naam.php is not allowed in php code (12 posts)

  1. rein
    Member
    Posted 8 years ago #

    I would like to install WP on my website http://www.reinsmedinga.nl but my webhost uses safe php and does not allow moving up a directory. So thinks like
    require_once('../wp-config.php');
    or
    file_exists('../wp-config.php')
    will not work.

    Is there a version of WP without this or can someone point out what php-files contain such things and how I can possible got around this.

    Thnx.

  2. Yngwin
    Member
    Posted 8 years ago #

    I think the only place where you would come across this is in wp-admin/admin.php. Everything else should go through the root folder's index.php and wp-blog-header.php anyway. Or am I missing something?

  3. rein
    Member
    Posted 8 years ago #

    Ok, but how can I solve this?
    I have moved the files from wp-admin to the root directory, but then more thinks go wrong with finding files. Step 1 and 2 of the installing go well then, but login in and such are going wrong, I think because WP is then confused about where to find everything.

  4. jaseone
    Member
    Posted 8 years ago #

    WordPress should work fine with PHP Safe Mode switched on, who is your host?

    Also can you create a file info.php with the below contents and provide a link to the file?

    <?php
    phpinfo();
    ?>

  5. rein
    Member
    Posted 8 years ago #

    Doing this results in

    Warning: phpinfo() has been disabled for security reasons in /mnt/storage2/r/re/reinsmedinga.nl/html/phpinfo.php on line 2

    My provider says it uses PHP versie 4.0.
    My provider is Active 24 in the Netherlands.

    The problem is not the safe mode, I think, but that constructions like ../<file> are disabled.

  6. rein
    Member
    Posted 8 years ago #

    I've got more info:
    With http://www.reinsmedinga.nl/capa.php more info about the php version can be found.

  7. rein
    Member
    Posted 8 years ago #

    I have now tried to move all php-file up one directory into the root of my log and deleted all /wp-admin/ parts.
    I can now install my weblog and can even see it appear.

    However, I cannot login, probably because some paths now point to the root directory of my blog-directory. So simply deleting /wp-admin in all paths in php-code is not the solution.

    Also, I have moved wp-config.php down to the wp-admin dir. But this also confused wp.

    Is there somewhere a variable pointing to the blog-dir itself that I should adapt somewhere?

  8. Yngwin
    Member
    Posted 8 years ago #

    Leave the wp-admin older as is, just adjust the wp-admin/admin.php file to use the full path for the required file.

  9. rein
    Member
    Posted 8 years ago #

    changing ../wp-config.php to

    /mnt/storage2/r/re/reinsmedinga.nl/html/blog/wp-config.php

    or

    /ext/r/re/reinsmedinga.nl/html/blog/wp-config.php

    still gives the error message that the wp-config.php file is not found.
    It seems that not only ../ is not allowed, but also full paths are not allowed as well.

    How to proceed now?

  10. rein
    Member
    Posted 8 years ago #

    ..addition:
    When outcommenting the die-action is wp-admin/install.php it gives the error:

    Warning: main(): open_basedir restriction in effect. File(/mnt/storage2/r/re/reinsmedinga.nl/html/blog/wp-config.php) is not within the allowed path(s): (.) in /mnt/storage2/r/re/reinsmedinga.nl/html/blog/wp-admin/install.php on line 7

  11. Reading http://php.net/features.safe-mode it looks like the way your host has setup PHP is not particularly sensible:

    The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

    This means that you could work around the issue with a lot of changes to the WordPress code but I would advise looking for a better host - this setup doesn't look very sensible at all and will likely break any non-trivial PHP web application.

  12. rein
    Member
    Posted 8 years ago #

    I have forwarded your remark to my host (without any hope that something will improve, but you'll never know).

    Indeed, I already found out that a lot of changes are needed to let wordpress work on my website with all these restrictions.

Topic Closed

This topic has been closed to new replies.

About this Topic