Bug #17479
Alert in FE: "...CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir..."
| Status: | Closed | Start date: | 2007-07-17 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | Martin Kutschker | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| TYPO3 Version: | 4.1 | Complexity: | ||
| PHP Version: | 5.1 | |||
| Votes: | 0 |
Description
Typo3 vers 4.11, tt_products vers. 2.6 alpha
The following message appears in FE und the look isn't very professional ;-) :
",,,
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /www/xyzurl/typo3_src/t3lib/class.t3lib_div.php on line 2356
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /www/xyzurl.de/typo3_src/t3lib/class.t3lib_div.php on line 2356
Warning: Cannot modify header information - headers already sent by (output started at /www/schmuckhamster.de/typo3_src/t3lib/class.t3lib_div.php:2356) in /www/xyzurl.de/typo3_src/typo3/sysext/cms/tslib/class.tslib_fe.php on line 2898. ..."
safe-mode is off.
open_basedir is the problem
Provider argues:
Can't open "open_basedir" for security reasons.
curl-use is maybe often necessary for install / update via repository.
(issue imported from #M5985)
Related issues
| duplicated by Core - Bug #16600: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_m... | Closed | 2006-09-27 | ||
| duplicated by Core - Bug #17060: curl_setopt error when fetching translations or extension... | Closed | 2007-03-01 | ||
| duplicated by Core - Bug #18280: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_m... | Closed | 2008-02-23 | ||
| duplicated by Core - Bug #18286: cURL not working correctly; e.g. when trying to get 404-p... | Closed | 2008-02-23 |
History
Updated by Martin Kutschker almost 6 years ago
Since PHP 5.2.0, 5.1.5 and 4.4.4 (see PHP Changelog).
Updated by Michiel Roos over 5 years ago
If you are trying to use CURLOPT_FOLLOWLOCATION and you get this warning:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set...
then you will want to read http://www.php.net/ChangeLog-4.php which says "Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled." as of PHP 4.4.4/5.1.5. This is due to the fact that curl is not part of PHP and doesn't know the values of open_basedir or safe_mode, so you could comprimise your webserver operating in safe_mode by redirecting (using header('Location: ...')) to "file://" urls, which curl would have gladly retrieved.
Updated by Bjrn Kraus over 5 years ago
@Martin: There already is a bugfix since more than a month which hasn't be added to the repository. Is there any doubt in applying it?
Updated by Martin Kutschker over 5 years ago
Björn, there is some concern that simply ignoring the failure is not a good option.
Updated by Franz Koch over 5 years ago
any news on that?
Updated by Michiel Roos over 5 years ago
Nothing besides the tiny thread on the core mailing list. 18-10-2007
Updated by Alban Cousinie over 5 years ago
This issue is still being encountered in version 4.1.3 even though duplicate issue 0004292 has been marked as 'resolved'. Someone please patch the main trunk.
Updated by Martin Kutschker over 5 years ago
FYI: 4292 is resolved as duplicate, not as being fixed!
Updated by Bjrn Kraus over 5 years ago
Any solution for this yet?
Updated by Martin Kutschker about 5 years ago
Fixed in SVN for trunk. Has been fixed in 4.1.x for a while.