When safe_mode is off and jpegtran is available&executable, it is possible to fry AcidFree by trying to use jpegtran. I got a 403 error that kept me out of the admin page.

I could not remove the jpegtran location, short of going into the DB to fix it.

What happens, as far as I can gauge: (Sorry - C++ programmer here; I just dabble in PHP.)

  1. AcidFree checks if safe_mode is on. It wasn't. (acidfree_admin_settings())
  2. AcidFree checks if is_executable() is true for jpegtran. It was. (acidfree_rotate_image())
  3. AcidFree calls system() with jpegtran, which presumably crashes, causing a 403 error.

The 403 error can make it impossible to reload the AcidFree admin page and correct things.

Comments

mwheinz’s picture

mwheinz commented
Status: Active » Closed (won't fix)

Closing. No activity for 3 years.