← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #56717

[Bug 1851699] Re: cron.php with '$cfg->urlsecret' dosen't work on cronjob under PHP FastCGI enviroment.

  Thread PreviousDate PreviousThread Next 
I think it's better to use isset(['REQUEST_METHOD']) instead of
php_sapi_name(), because both web access and cron run returns 'cgi-fcgi'
as PHP mode.

File to modify:
lib/cron.php

Line:
40

[before]
if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
    $urlsecret = param_alphanumext('urlsecret', -1);
    if ($urlsecret !== get_config('urlsecret')) {
        die_info(get_string('accessdeniednourlsecret', 'error'));
    }
}

[after]
if (isset($_SERVER['REQUEST_METHOD']) && get_config('urlsecret') !== null) {
    $urlsecret = param_alphanumext('urlsecret', -1);
    if ($urlsecret !== get_config('urlsecret')) {
        die_info(get_string('accessdeniednourlsecret', 'error'));
    }
}

Ref:
[How to determine if a PHP file is loaded via cron/command line - Stack Overflow]
https://stackoverflow.com/questions/1854297/how-to-determine-if-a-php-file-is-loaded-via-cron-command-line/1854325#1854325

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1851699

Title:
  cron.php with '$cfg->urlsecret' dosen't work on cronjob under PHP
  FastCGI enviroment.

Status in Mahara:
  New

Bug description:
  When we set $cfg->urlsecret on config.php, cron.php doesn't work on
  cronjob under PHP FastCGI environment.

  So we need to add one more condition to cron.php as below.

  File to modify:
  lib/cron.php

  Line:
  40

  [before]
  if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
      $urlsecret = param_alphanumext('urlsecret', -1);
      if ($urlsecret !== get_config('urlsecret')) {
          die_info(get_string('accessdeniednourlsecret', 'error'));
      }
  }

  [after]
  if (php_sapi_name() != 'cli' && substr(php_sapi_name(), 0, 3) !== 'cgi' && get_config('urlsecret') !== null) {
      $urlsecret = param_alphanumext('urlsecret', -1);
      if ($urlsecret !== get_config('urlsecret')) {
          die_info(get_string('accessdeniednourlsecret', 'error'));
      }
  }

  Ref:
  [PHP: php_sapi_name - Manual]
  https://www.php.net/manual/en/function.php-sapi-name.php

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1851699/+subscriptions

References

  Thread PreviousDate PreviousThread Next