Bug #101921
open
open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed
0%
Description
Thu, 14 Sep 2023 11:58:50 +0200 [WARNING] request="d7afd95472d79" component="TYPO3.CMS.Core.Error.ErrorHandler": Core: Error handler (BE): PHP Warning:
file_exists(): open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed path(s): (/var/www/projectpath/web:/var/www/projectpath/private:/var/www/projectpath/tmp:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom) in /var/www/projectpath/web/typo3/sysext/core/Classes/Utility/GeneralUtility.php line 2318
Error ist in function
GeneralUtility::createVersionNumberedFilename
line 2318: $fileExists = file_exists($path);
Updated by Torben Hansen 8 months ago
- Status changed from New to Needs Feedback
The error message describes, that a open_basedir is used, so the problem may have something to do with wrong/missing path access or with a wrong configured reference to form.css
Please provide more feedback on how the problem can be reproduced.
Updated by
Updated by Heiko Dietrich 8 months ago
Torben Hansen wrote in #note-1:
The error message describes, that a
open_basediris used, so the problem may have something to do with wrong/missing path access or with a wrong configured reference toform.cssPlease provide more feedback on how the problem can be reproduced.
I have a typo3-Dir with follow link structure. That couldt be the problem.
typo3 -> ./typo3_src/typo3
typo3_src -> ../PROJECT_SOURCES/11.1.36-2023-09-13_160630
Updated by Heiko Dietrich 8 months ago
if i Call {domain}/typo3/module/dashboard
TYPO3\CMS\Core\Utility\GeneralUtility::createVersionNumberedFilename() in Line 2318
dump([
0 => $file,
1 => Environment::getCurrentScript(),
2 => self::dirname(Environment::getCurrentScript()),
3 => $path
];
^ array:3 [▼
0 => "/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css"
1 => "/projectpath/web/public/typo3/index.php"
2 => "/projectpath/web/public/typo3"
3 => "/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css"
]
but $path must be
$path => "/projectpath/web/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css"
I thing the Problem is, that $file start with '/typo3 ' => $file = "/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css"
A correct working example is:
start without "/typo3" => $file = "sysext/core/Resources/Public/JavaScript/JavaScriptHandler.js"
dump([
0 => $file,
1 => Environment::getCurrentScript(),
2 => self::dirname(Environment::getCurrentScript()),
3 => $path
];
^ array:4 [▼
0 => "sysext/core/Resources/Public/JavaScript/JavaScriptHandler.js"
1 => "/projectpath/web/public/typo3/index.php"
2 => "/projectpath/web/public/typo3"
3 => "/projectpath/web/public/typo3/sysext/core/Resources/Public/JavaScript/JavaScriptHandler.js"
]
Updated by Heiko Dietrich 8 months ago
Couldt be the problem with use of function PathUtility::getPublicResourceWebPath($cssFile); in \TYPO3\CMS\Dashboard\DashboardInitializationService::defineCssFiles?
/**
* Define the correct path of the CSS files of a widget and add them to the list of CSS files that needs to be
* included
*
* @param AdditionalCssInterface $widgetInstance
*/
protected function defineCssFiles(AdditionalCssInterface $widgetInstance): void
{
foreach ($widgetInstance->getCssFiles() as $cssFile) {
if (PathUtility::isExtensionPath($cssFile)) {
$cssFile = PathUtility::getPublicResourceWebPath($cssFile);
}
$this->cssFiles[$cssFile] = $cssFile;
}
dump([
0 => $widgetInstance->getCssFiles(),
1 => $this->cssFiles]
);
}
output:
array:2 [▼
0 => array:1 [▼
0 => "EXT:dashboard/Resources/Public/Css/Contrib/chart.css"
]
1 => array:1 [▼
"/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css" => "/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css"
]
]
Updated by Garvin Hicking 8 months ago
- Related to Bug #101350: open_basedir restriction in effect added
Updated by Garvin Hicking 8 months ago
- Related to Bug #100021: Incorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings added
Updated by Garvin Hicking 8 months ago
- Related to Bug #98545: file_exists(): open_basedir restriction in effect added
Updated by Alexander Schnitzler 7 months ago
I can confirm this bug. The problem is that TYPO3 does calculate the web path for several resources in several places. PageRenderer (\TYPO3\CMS\Core\Page\PageRenderer::getStreamlinedFileName()) then tries to generate version numbered filenames for all resources and it already assumes that not all resources are absolute yet. But it fails to detect resources that look absolute but are relative to the web root. It only detects files that still have the EXT:extension/... syntax or are considere relative because they start with ../.
Updated by Garvin Hicking 7 months ago
- Related to Bug #101778: Configuration Presets open_basedir added
Updated by Peter Kraume 4 months ago
I've created a patch for this problem and would love to hear your feedback.
https://review.typo3.org/c/Packages/TYPO3.CMS/+/82635
The patch is for TYPO3 version main/12 but also applies to version 11. Nevertheless it can't be applied directly because typo3/sysext/form/Tests/Unit/Controller/Fixtures/TestingController.php isn't present in v11.