From ac0467290ce6f98c45a2160a3b8eae04e9db52a9 Mon Sep 17 00:00:00 2001 From: striker Date: Wed, 6 May 2026 01:27:12 +0300 Subject: [PATCH] fix(contact.php): use is_readable() instead of file_exists() for config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When contact-config.php exists but is unreadable by PHP-FPM (e.g. owned by www-data while pool runs as nginx), file_exists() returns true but require_once throws a fatal error → 500. Production was hitting this: contact-config.php was 'www-data:www-data 640' but the sag24 PHP-FPM pool runs as 'nginx'. Form returned HTTP 500 on every POST including legitimate ones — contact form effectively dead. Server side: chown nginx:nginx /opt/www/sag24.ru/contact-config.php (already applied). This commit makes the script defensive against the same scenario in the future. --- public/api/contact.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/public/api/contact.php b/public/api/contact.php index bbad0af..7042dbe 100644 --- a/public/api/contact.php +++ b/public/api/contact.php @@ -4,9 +4,10 @@ header('Access-Control-Allow-Origin: https://sag24.ru'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); -// Load secrets from outside webroot (not in git) +// Load secrets from outside webroot (not in git). +// Use is_readable() not file_exists() — PHP-FPM may lack read permission even when file is present. $configFile = dirname(__DIR__, 2) . '/contact-config.php'; -if (file_exists($configFile)) { +if (is_readable($configFile)) { require_once $configFile; } else { // Fallback values for local development (override via contact-config.php on server)