mod_Sec

Status
Not open for further replies.
L

lankatr

New Member
Messages
24
Reaction score
0
Points
0
An apache mod_sec rule is preventing a script (timthumb.php) from running on my .
site. Could you please whitelist my domain so it is allowed to run?
 
L

lankatr

New Member
Messages
24
Reaction score
0
Points
0
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/local/apache/htdocs/home/uploads/wpclassifieds/2010/06/10/1715-1.jpg) is not within the allowed path(s): (/home/:/tmp) in /home/lankatr/public_html/wp-content/themes/wpclassifieds/includes/timthumb.php on line 567


Warning: Cannot modify header information - headers already sent by (output started at /home/lankatr/public_html/wp-content/themes/wpclassifieds/includes/timthumb.php:567) in /home/lankatr/public_html/wp-content/themes/wpclassifieds/includes/timthumb.php on line 473
 
D

dlukin

New Member
Messages
427
Reaction score
25
Points
0
That is not mod_sec as far as I can see.

Open home/lankatr/public_html/wp-content/themes/wpclassifieds/includes/timthumb.php in a decent editor.

Copy the lines roughly 560-575 here so we can see exactly what the script is calling and if there is an easy fix.
 
Last edited:
xav0989

xav0989

Community Public Relation
Community Support
Messages
4,467
Reaction score
95
Points
0
The script is not referencing to the right file using the right path. You must either manually edit the script so that it uses the right path or change extension.
 
L

lankatr

New Member
Messages
24
Reaction score
0
Points
0
function checkExternal ($src) {

$allowedSites = array(
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
'img.youtube.com',
);

if (preg_match('/http:\/\//', $src) == true) {

$url_info = parse_url ($src);

$isAllowedSite = false;
foreach ($allowedSites as $site) {
$site = '/' . addslashes($site) . '/';
if (preg_match($site, $url_info['host']) == true) {
$isAllowedSite = true;
}
}


Cheers
 
L

lankatr

New Member
Messages
24
Reaction score
0
Points
0
how to manually edit the script??
sorry I'm not fluent in PHP.
Cheers
 
Z

zapzack

New Member
Messages
606
Reaction score
19
Points
0
For some reason the script is calling /usr/local/apache/htdocs/home/uploads/wpclassifieds/2010/06/10/1715-1.jpg instead of /home/lankatr/public_html/uploads/wpclassifieds/2010/06/10/1715-1.jpg like it should be. Check the mod's configuration in the wp-admin panel.
 
Status
Not open for further replies.
Top