"Security violation" error on upgrade from 1.4.4-pl4 to 1.5.3

cheeni
cheeni's picture

Joined: 2006-08-07
Posts: 1
Posted: Mon, 2006-08-07 07:30

Gallery version: 1.5.3
Apache version: Apache/1.3.33 (Unix) mod_throttle/3.1.2 DAV/1.0.3 mod_fastcgi/2.4.2 mod_gzip/1.3.26.1a PHP/4.4.2 mod_ssl/2.8.22 OpenSSL/0.9.7e
PHP version: Tested on both 4.4.2 and 5.1.2
Graphics Toolkit: ImageMagick 6.0.6 01/28/06 Q16
Operating system: Linux 2.4.32
Web browser/version (if applicable): Firefox 1.5.06 / IE 6

-------------------------------

I have a gallery installation hosted on dreamhost. It's a tarball install, not the dreamhost one-click.

I upgraded the gallery install from 1.4.4-pl4 to 1.5.3 last evening, and after a successful configuration I ran secure.sh and navigated to /gallery to be greeted by a message that said "Security violation".

Interestingly, despite running secure.sh I am able to access the /setup directory, even though from the ssh terminal I can see that the file permissions are set correctly by secure.sh.

Here's the view from the shell
[I've asterisked out the username for security]

$ls -lad .htaccess config.php setup/
-rw-r--r-- 1 ******* pg592940 856 2006-08-07 00:10 .htaccess
-rw-r--r-- 1 ******* pg592940 9646 2006-08-07 00:10 config.php
drwxr-xr-x 2 ******* pg592940 4096 2006-04-09 19:16 setup/

I have tested this issue on both versions of PHP offered by dreamhost and it fails under both PHP 4 & 5. I've temporarily moved the site back to 1.4.4-pl4 and it works fine.