Project

General

Profile

Actions

Bug #100021

open

Incorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings

Added by Charles Coleman almost 2 years ago. Updated 4 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
System/Bootstrap/Configuration
Target version:
-
Start date:
2023-02-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
open_basedir
Complexity:
medium
Is Regression:
Sprint Focus:

Description

When I upgraded to TYPO3 10.4.36 I started getting open_basedir warnings. I think the problem is that the file is being absolutely referenced (e.g. /typo3/sysext/…) instead of relatively referenced (e.g. typo3/sysext/…) or absolutely with the actual project root path prepended to it (e.g. /var/www/typo3/sysext/…).

Warning when I click on Dashboard in the backend sidebar menu...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/dashboard/Resources/Public/Css/dashboard.css) is not within the allowed path(s): ...

Warning when I click on View in the backend sidebar menu...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/viewpage/Resources/Public/Css/ui-lightness/jquery-ui-1.10.3.custom.min.css) is not within the allowed path(s): ...

Another person report this warning but don't know what they clicked on to get there...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css) is not within the allowed path(s): ...

You can see there are several of us that have had this issue, see https://typo3.slack.com/archives/C025BQLFA/p1676556205848739.


Related issues 4 (2 open2 closed)

Related to TYPO3 Core - Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowedClosed2023-09-14

Actions
Related to TYPO3 Core - Bug #101350: open_basedir restriction in effectAccepted2023-07-14

Actions
Related to TYPO3 Core - Bug #101778: Configuration Presets open_basedirClosed2023-08-28

Actions
Related to TYPO3 Core - Bug #102736: Install Tool Configuration Presets broken for image handling settings with debug mode enabledAcceptedStefan Bürk2024-01-01

Actions
Actions #1

Updated by Garvin Hicking about 1 year ago

  • Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Actions #2

Updated by Roman Teitge 12 months ago · Edited

I can confirm this in Typo3 v10.4.42 not for dashboard but for a 3rd party extension (I think cause and effect are the same):

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3conf/ext/my_ext/Resources/Public/StyleSheet/PageLayout.css) is not within the allowed path(s):
(/var/www/html:/dev/random:/dev/urandom:/tmp)
in /var/www/html/web/typo3/sysext/core/Classes/Utility/GeneralUtility.php line 2469

But: These warnings are only logged. they have no influence on the system, as the files mentioned are all loaded successfully.

Actions #3

Updated by Michael Kasten 10 months ago

I can confirm this for TYPO3 v 11.5.33 (using PHP 8.0) and also for third party extensions.

It is clear that these warnings are just logged, but dont underestimate this Problem:

1) you will see real Problems in the sys_log table
2) If you don't care about your sys_log table sometimes the table can grow realy fast

Actions #4

Updated by Dan Kleine (Untenzu) 6 months ago · Edited

  • Complexity changed from no-brainer to medium

Confirmed in TYPO3 11.

These warnings are only logged, the files mentioned are all loaded successfully.

The reason for this is within /typo3/cms-core/Classes/Utility/GeneralUtility.php:2317

    try {
        $fileExists = file_exists($path);
        } catch (\Throwable $e) {
        $fileExists = false;
    }

It fails, and therefore throws an error, for resources that look absolute but are relative to the web root. It then continues to resolve the path otherwise. Thats why it is indeed still working.

This error is logged every time an editor uses a part of the dashboard. This doesn't hapen too often, but still fills the syslog for no good reason.

The cause of the issue, passing the wrong path to GeneralUtility, has to be resolved within EXT:cms-dashboard.

Example: /typo3/cms-dashboard/Classes/DashboardInitializationService.php:217

if (PathUtility::isExtensionPath($cssFile)) {
    $cssFile = PathUtility::getPublicResourceWebPath($cssFile);
}

Issue #101921 shows that the same beaviour was found and resolved in ext:cms-forms, maybe it is possible to port the change to this extension as well.

Actions #5

Updated by Garvin Hicking 4 months ago

  • Related to Bug #101350: open_basedir restriction in effect added
Actions #6

Updated by Garvin Hicking 4 months ago

  • Related to Bug #101778: Configuration Presets open_basedir added
Actions #7

Updated by Garvin Hicking 4 months ago

  • Category set to System/Bootstrap/Configuration
  • Tags set to open_basedir
Actions #8

Updated by Garvin Hicking 4 months ago

  • Related to Bug #102736: Install Tool Configuration Presets broken for image handling settings with debug mode enabled added
Actions

Also available in: Atom PDF