|
|
| Author |
Message |
TheWitness
Developer
Joined: 14 May 2002
Posts: 9697
Location: MI, USA
|
 Posted: Wed Feb 13, 2008 8:39 pm Post subject: |
 |
|
I believe the megaman fix to be secure.
TheWitness |
|
| Back to top |
|
 |
tymbow
Joined: 14 May 2005
Posts: 48
|
| Posted: Thu Feb 14, 2008 12:00 am Post subject: |
|
|
| Make that 5 people with the problem (except I am on Windows). |
|
| Back to top |
|
|
faustovetter@gmail.com
Joined: 14 Feb 2008
Posts: 1
|
| Posted: Thu Feb 14, 2008 12:40 pm Post subject: Possible workaround without touching the code |
|
|
Hi,
I also observed this behavior. So, to make sure it runs, I just assured that alias path on the web-browser is the same as the cacti linux sub-folder.
Clarifying what I wrote above:
E.g.:
your alias on your browser: http://localhost/cacti/index.php
your cacti home folder: /home/cactiuser/cacti/
Cacti sub-folder: /cacti
Web-browser alias: /cacti
So cacti can find all files on both structures (alias and path).
 |
|
| Back to top |
|
|
chronos
Joined: 12 Feb 2008
Posts: 5
|
| Posted: Thu Feb 14, 2008 1:01 pm Post subject: |
|
|
It's a way around the bug, but doesn't solve it unfortunately. And you're also exposing yourself to potential future exploits by having a "standard" xxx/cacti form.
The FreeBSD port (and I assume Linux's "ports/rpm") install in a xxx/cacti folder and the modification of the Alias is to somewhat secure cacti from standard exploits that target xxx/cacti. |
|
| Back to top |
|
|
just_me
Joined: 16 Mar 2006
Posts: 1
|
| Posted: Mon Feb 18, 2008 8:02 am Post subject: |
|
|
Hello!
I have the FreeBSD installation from ports:
I added some debug here:
| Code: |
echo "\nInvalid PHP_SELF Path \n";
echo $_SERVER["PHP_SELF"] ;
echo " - ";
echo $_SERVER["DOCUMENT_ROOT"];
echo " - ";
echo $_SERVER["SCRIPT_FILENAME"];
exit;
|
This show me:
Invalid PHP_SELF Path /cacti/index.php - /usr/local/www/apache22/data - /usr/local/share/cacti/index.php
As we can see, this installed not under DOCUMENT_ROOT, but cacti checked for this. |
|
| Back to top |
|
|
Linuturk
Joined: 09 Feb 2007
Posts: 38
Location: Tallahassee, Florida
|
| Posted: Fri Feb 22, 2008 10:17 am Post subject: |
|
|
I've got the same problem after upgrading using the Ubuntu Gutsy package, but I can't find global.php in /usr/share/cacti/site/include/
Any help? |
|
| Back to top |
|
|
fmangeant
Cacti Guru User
Joined: 19 Sep 2003
Posts: 2325
Location: Sophia-Antipolis, France
|
| Posted: Fri Feb 22, 2008 10:18 am Post subject: |
|
|
Hi
with Debian/Ubuntu, is it under /etc/cacti ? |
|
| Back to top |
|
|
Linuturk
Joined: 09 Feb 2007
Posts: 38
Location: Tallahassee, Florida
|
| Posted: Fri Feb 22, 2008 10:25 am Post subject: |
|
|
Nope, not there either.
I've done a $ locate global.php
and it doesn't show up . . . |
|
| Back to top |
|
|
GraveR
Joined: 23 Feb 2008
Posts: 1
|
| Posted: Sat Feb 23, 2008 6:38 am Post subject: |
|
|
For Ubuntu Gutsy, the file you're looking for is '/usr/share/cacti/site/include/config.php'
The fix mentioned works. |
|
| Back to top |
|
|
Linuturk
Joined: 09 Feb 2007
Posts: 38
Location: Tallahassee, Florida
|
| Posted: Sat Feb 23, 2008 4:46 pm Post subject: |
|
|
Thank you so much. The fix is confirmed to work for me in the file mentioned above  |
|
| Back to top |
|
|
petaramesh
Joined: 24 Feb 2008
Posts: 1
|
| Posted: Sun Feb 24, 2008 3:42 am Post subject: Same problem, same fix |
|
|
For the record, same problem in Ubuntu Gutsy after upgrading the cacti package yesterday.
Fixed by applying Megaman's fix on /usr/share/cacti/site/include/config.php line 87.
Thanks. |
|
| Back to top |
|
|
thavinci
Joined: 06 Nov 2007
Posts: 16
Location: Port-Elizabeth
|
| Posted: Sun Feb 24, 2008 5:29 pm Post subject: Same Issue Here! |
|
|
Wel ive got the exact same problem here....
Running on FreeBSD6.2.
megaman's fix worked for me. |
|
| Back to top |
|
|
sllywhtboy
Joined: 09 Jul 2006
Posts: 29
Location: detroit'ish
|
| Posted: Sun Feb 24, 2008 5:36 pm Post subject: |
|
|
config.php tweaks in ubuntu edgy didn't work.  |
|
| Back to top |
|
|
netmirror
Joined: 25 Feb 2008
Posts: 1
|
|
| Back to top |
|
|
wasca
Joined: 22 Feb 2008
Posts: 2
|
| Posted: Mon Feb 25, 2008 11:41 pm Post subject: |
|
|
I can confirm that upgrading cacti to 0.8.0.6h on Ubuntu Dapper 6.06 LTS breaks cacti but this fixes it.
edit /usr/share/cacti/site/include/config.php
Look at line 86
Replace this line
| Code: | if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], $_SERVER["PHP_SELF"])))) {
|
With this
| Code: | | if (!((is_file($_SERVER["SCRIPT_FILENAME"])))) { |
I had to run through the install process after doing this. All my data was still there.
Hope this helps. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
