when trying to autoload simplesaml classes, If _simplesaml_auth_autoload find that simplesaml's autoload (lib/_autoload.php) exists
it will require it.

But If the file exists, but it isn't readable (for example no read permission on this file), drupal will WSOD:

Warning: require_once(/var/www/html/shib/lib/_autoload.php): failed to open stream: Permission denied in _simplesaml_auth_autoload() (line 98 of simplesamlphp_auth.module).

I think that an is_readable check should be added (or replace file_exists) in _simplesaml_auth_autoload.

Also the same check should also be added in simplesamlphp_auth_requirements.

Comments

zekvyrin’s picture

zekvyrin commented
Issue summary: View changes
Stevel’s picture

Stevel commented
Priority: Major » Normal

I don't think this qualifies as a major issue. A simple "workaround" is to fix your file permissions.

zekvyrin’s picture

zekvyrin commented

What you should do is yes, fix file permissions.

Because Drupal will WSOD (if you don't have proper permissions in first place), I think it does qualify as major.

And if you don't check webserver's error log (or maybe you don't have access to) you won't find that's wrong.

What I proposed is for the module not to require unreadable file (this will resolve WSOD) (but return false instead)
& to notify user that file is not readable in simplesamlphp_auth_requirements, so he can fix it.

For me, yes I could just read the error log and fix the file.

snufkin’s picture

snufkin commented

I think we should have both is_readable and file_exists checks so that we can trigger the appropriate error message to the user.