andi DokuWiki will not prepend DOKU_INC to that.
This is probably the one and only time where I'm right about DokuWiki and you're wrong ;-).
I'm sure because I actually tried to set $conf['savedir']='/data'
while there is no /data directory on the machine I used. And to my surprise, DW continued to work and the warning disappeared. It turns out that DokuWiki prepends DOKU_INC
if it can't find a data directory.
This happens in function init_path in init.php.
function init_path($path){
// check existence
$p = fullpath($path);
if(!file_exists($p)){
$p = fullpath(DOKU_INC.$path);
For example, when $path is /data/pages
, fullpath($path)
is /data/pages
. If /data
or /data/pages
don't exist, then DW tries DOKU_INC.'/data/pages'
.
function init_paths of init.php does this for all the subdirs of the data directory.
init_paths
function init_paths(){
global $conf;
$paths = [
'datadir' => 'pages',
'olddir' => 'attic',
'mediadir' => 'media',
'mediaolddir' => 'media_attic',
'metadir' => 'meta',
'mediametadir' => 'media_meta',
'cachedir' => 'cache',
'indexdir' => 'index',
'lockdir' => 'locks',
'tmpdir' => 'tmp',
'logdir' => 'log',
];
foreach($paths as $c => $p) {
$path = empty($conf[$c]) ? $conf['savedir'].'/'.$p : $conf[$c];
$conf[$c] = init_path($path);
I have no idea what the correct way to deal with this could be, nor if it should be considered broken at all and needed to be fixed. The thing is that it has the side effect of making the warning "insecure data directory" disappear. Maybe, not prepend DOKU_INC when $path starts with /, maybe just do nothing special because this seems rather harmless (but could eventually lead to serious headaches if both directories exist but DW has no access to /data for some reason ).