mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #56717
[Bug 1851699] Re: cron.php with '$cfg->urlsecret' dosen't work on cronjob under PHP FastCGI enviroment.
I think it's better to use isset(['REQUEST_METHOD']) instead of
php_sapi_name(), because both web access and cron run returns 'cgi-fcgi'
as PHP mode.
File to modify:
lib/cron.php
Line:
40
[before]
if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error'));
}
}
[after]
if (isset($_SERVER['REQUEST_METHOD']) && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error'));
}
}
Ref:
[How to determine if a PHP file is loaded via cron/command line - Stack Overflow]
https://stackoverflow.com/questions/1854297/how-to-determine-if-a-php-file-is-loaded-via-cron-command-line/1854325#1854325
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1851699
Title:
cron.php with '$cfg->urlsecret' dosen't work on cronjob under PHP
FastCGI enviroment.
Status in Mahara:
New
Bug description:
When we set $cfg->urlsecret on config.php, cron.php doesn't work on
cronjob under PHP FastCGI environment.
So we need to add one more condition to cron.php as below.
File to modify:
lib/cron.php
Line:
40
[before]
if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error'));
}
}
[after]
if (php_sapi_name() != 'cli' && substr(php_sapi_name(), 0, 3) !== 'cgi' && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error'));
}
}
Ref:
[PHP: php_sapi_name - Manual]
https://www.php.net/manual/en/function.php-sapi-name.php
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1851699/+subscriptions
References