Fixing the “Safe Path Not Found” issue in Virtuemart.
There was a security issue with virtuemart where versions between 2.0.8 and 2.0.22a have an SQL injection vulnerability. I had two client sites with this issue.
When I tried to update Virtuemart, I ran into a variety of errors. Most of these pointed to the safe path.
I found a workaround that someone had posted at http://forum.virtuemart.net/index.php?topic=106226.0
The idea was to go to virtuemart, configuration, template, safe path and change it to the location of your log files. (ie /var/log/ in my case). The log folder is interesting in that the permissions are 755 and it is above the root as virtuemart suggests. In many cases, the user can’t change permissions on folders above the html folder since they are usually owned by root, not the user.
I did get errors that the invoices folder had to be created but that seemed to resolve itself.
One danger to this approach would be if your hosting company thought that the virtuemart generated folder in the logs folder was an error and deleted it.
At least it works for now.
- Installation of VIrtuemart in Joomla – workaround
- Workaround for scanning issues with a Sharp MX-C311 and WIndows 7
- Shading Cells in Ruby depending on the contents of the cell
- Capturing failed logins when using adauth
- A quick way to have a link_to show as a button instead of a text link
- Fabrik for joomla 2.1 to 3.x migration.
- Joomla Backups
- Ruby on Rails – Shading cells depending on the value of the cell