diff options
| author | Andrew Dolgov <[email protected]> | 2016-01-23 12:13:03 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2016-01-23 12:13:03 +0300 |
| commit | 29c92d7b080152bfc8c60b90c185e2faab2a6bbb (patch) | |
| tree | e67d24e363d5e8510e2eeb2c78e35e29488414cb /classes | |
| parent | 8f2268dd5e45da32a9d1cff1e8781fd840c1043e (diff) | |
prevent frontend updating of feeds on view if open_basedir is set to prevent plugins potentially not working correctly (i.e. if backend system has open_basedir disabled)
Diffstat (limited to 'classes')
| -rw-r--r-- | classes/api.php | 4 | ||||
| -rwxr-xr-x | classes/feeds.php | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/classes/api.php b/classes/api.php index c3ea627fd..9be04cff9 100644 --- a/classes/api.php +++ b/classes/api.php @@ -416,7 +416,9 @@ class API extends Handler { $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]); - update_rss_feed($feed_id, true); + if (!ini_get("open_basedir")) { + update_rss_feed($feed_id, true); + } $this->wrap(self::STATUS_OK, array("status" => "OK")); } diff --git a/classes/feeds.php b/classes/feeds.php index eff66dda6..cb1b032d1 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -166,7 +166,7 @@ class Feeds extends Handler_Protected { $method_split = explode(":", $method); - if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) { + if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed) && !ini_get("open_basedir")) { // Update the feed if required with some basic flood control $result = $this->dbh->query( |