oscMax Admin page reports configure.php as writeable when it is not

My first modification to oscMax while I test it for use on my store.

The admin screen on first login will advise if the includes/configure.php file is writeable. This message will persist regardless of the permission settings of the includes/configure.php file.

The issue is that the admin/includes/configure.php settings are referenced with the same error message settings as the catalog configure.php.

An option to fix this is to rename the constant in admin/includes/languages/english/index.php at line 115, but given that both the catalog and admin files should be checked as a rule, I’ve added a new constant for the admin file and made another alteration to test both files.

This will help new users when first setting up oscMax, as I think the admin screen is commonly the starting point, and highlighting the permissions issue for the catalog in admin as well would be helpful.

The required changes to support this are:

admin/includes/languages/english/index.php
modify the setting at line 115

[php]define('WARNING_CONFIG_FILE_WRITEABLE', 'Error: I am able to write to the catalog configuration file: ' . (DIR_FS_CATALOG) . 'includes/configure.php. This is a potential security risk - please set the right user permissions on this file.');[/php]
:: only change is to add the word ‘catalog’ in the text.

Then add a new constant setting at line 116
[php]define('WARNING_ADMIN_CONFIG_FILE_WRITEABLE', 'Error: I am able to write to the admin configuration file: ' . (DIR_FS_ADMIN) . 'includes/configure.php. This is a potential security risk - please set the right user permissions on this file.');[/php]
:: the main changes here highlight that it's the admin configure file that is the issue.

Then update the system.php file that calls the above messages:
:: the main changes are copying the config check to test the catalog configure, the nesting of the dirname function to get the parent directory for the catalog, and the change to the code comments to differentiate between the two checks.

admin/includes/modules/dashboard/system.php
At around line 117, modify the existing admin file check to use the new constant above, and copy/modify this section of code to check the catalog at the same time.

This should result in the admin home screen presenting two different warnings if either (or both) of the configure.php files are writeable.
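As an added illustration (not the oscMax code and not the author's change to system.php), the sketch below shows the two-file check described above, with the nested dirname() call used to reach the catalog directory from the admin script. The function name and the assumption that admin/ sits directly inside the catalog root are hypothetical; the demo files are constructed in a temporary directory.

```php
<?php
// Added example: standalone sketch, not taken from oscMax.

/**
 * Given the path of the running admin script (e.g. .../catalog/admin/index.php),
 * return the configure.php files that the PHP process is able to write to.
 */
function writable_configure_files(string $scriptFilename): array
{
    $adminDir   = dirname($scriptFilename);          // .../catalog/admin
    $catalogDir = dirname(dirname($scriptFilename)); // nested dirname: .../catalog

    $targets = [
        'admin'   => $adminDir . '/includes/configure.php',
        'catalog' => $catalogDir . '/includes/configure.php',
    ];

    clearstatcache(); // stat results are cached; refresh before testing
    $writable = [];
    foreach ($targets as $label => $path) {
        // is_writable() reflects the effective user of the web server process,
        // so a process running as root reports every file as writable.
        if (is_file($path) && is_writable($path)) {
            $writable[$label] = $path;
        }
    }
    return $writable;
}

// Constructed demo layout: admin file left writable, catalog file read-only.
$root = sys_get_temp_dir() . '/oscmax_demo_' . uniqid();
mkdir($root . '/admin/includes', 0755, true);
mkdir($root . '/includes', 0755, true);
file_put_contents($root . '/admin/includes/configure.php', "<?php\n");
file_put_contents($root . '/includes/configure.php', "<?php\n");
chmod($root . '/admin/includes/configure.php', 0644);
chmod($root . '/includes/configure.php', 0444);

// One warning per writable file, mirroring the two separate messages.
foreach (writable_configure_files($root . '/admin/index.php') as $label => $path) {
    echo "Warning: the {$label} configuration file is writable: {$path}\n";
}
```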

If you copy and paste from the above you should paste it to an editor that will check syntax as the formatting of the ‘ characters is incorrect. The comments are also doing something funny and I had to edit them. I’ll try to update this post with working copy and paste at some stage.
