Directory traversal

Directory traversal

am 22.09.2007 07:35:35 von writebrent

I'm having a maddening problem that's probably simple in its solution.
I'm installing MediaWiki on a Windows 2003 Server under IIS, and I'm
having this error repeatedly:

Warning: require_once(../StartProfiler.php) [function.require-once]:
failed to open stream: No such file or directory in C:\Inetpub\vhosts
\....\includes\WebStart.php on line 69

As I understand it, the error is saying that it can't find the path to
the file "StartProfiler.php". As a matter of fact, this file exists
one directory level above the "\includes\" directory. It seems -- on a
*nix box at least, or perhaps an Apache web server -- that the
indicator "../" would tell PHP this fact. On my Windows setup,
however, it does not.

I changed the "../" to "..\", which worked for a little bit, but now
it's back to the same error.

Is this an easy issue? Am I missing something?

Thanks for any help you might have.

--Brent

Re: Directory traversal

am 22.09.2007 10:23:06 von gosha bine

Brent wrote:
> I'm having a maddening problem that's probably simple in its solution.
> I'm installing MediaWiki on a Windows 2003 Server under IIS, and I'm
> having this error repeatedly:
>
> Warning: require_once(../StartProfiler.php) [function.require-once]:
> failed to open stream: No such file or directory in C:\Inetpub\vhosts
> \....\includes\WebStart.php on line 69
>
> As I understand it, the error is saying that it can't find the path to
> the file "StartProfiler.php". As a matter of fact, this file exists
> one directory level above the "\includes\" directory. It seems -- on a
> *nix box at least, or perhaps an Apache web server -- that the
> indicator "../" would tell PHP this fact. On my Windows setup,
> however, it does not.
>
> I changed the "../" to "..\", which worked for a little bit, but now
> it's back to the same error.
>
> Is this an easy issue? Am I missing something?
>
> Thanks for any help you might have.
>
> --Brent
>

hi

paths starting with '.' are resolved relative to the current directory,
which, in the common case, is NOT the directory where the script is.

Try using absolute paths, e.g.

require_once(dirname(__FILE__) . '/../StartProfiler.php');


--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok