Project

General

Profile

Actions

Bug #100021

open

Incorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings

Added by Charles Coleman over 1 year ago. Updated 27 days ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-02-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

When I upgraded to TYPO3 10.4.36 I started getting open_basedir warnings. I think the problem is that the file is being absolutely referenced (e.g. /typo3/sysext/…) instead of relatively referenced (e.g. typo3/sysext/…) or absolutely with the actual project root path prepended to it (e.g. /var/www/typo3/sysext/…).

Warning when I click on Dashboard in the backend sidebar menu...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/dashboard/Resources/Public/Css/dashboard.css) is not within the allowed path(s): ...

Warning when I click on View in the backend sidebar menu...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/viewpage/Resources/Public/Css/ui-lightness/jquery-ui-1.10.3.custom.min.css) is not within the allowed path(s): ...

Another person report this warning but don't know what they clicked on to get there...

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css) is not within the allowed path(s): ...

You can see there are several of us that have had this issue, see https://typo3.slack.com/archives/C025BQLFA/p1676556205848739.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowedClosed2023-09-14

Actions
Actions #1

Updated by Garvin Hicking 10 months ago

  • Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Actions #2

Updated by Roman Teitge 7 months ago · Edited

I can confirm this in Typo3 v10.4.42 not for dashboard but for a 3rd party extension (I think cause and effect are the same):

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3conf/ext/my_ext/Resources/Public/StyleSheet/PageLayout.css) is not within the allowed path(s):
(/var/www/html:/dev/random:/dev/urandom:/tmp)
in /var/www/html/web/typo3/sysext/core/Classes/Utility/GeneralUtility.php line 2469

But: These warnings are only logged. they have no influence on the system, as the files mentioned are all loaded successfully.

Actions #3

Updated by Michael Kasten 6 months ago

I can confirm this for TYPO3 v 11.5.33 (using PHP 8.0) and also for third party extensions.

It is clear that these warnings are just logged, but dont underestimate this Problem:

1) you will see real Problems in the sys_log table
2) If you don't care about your sys_log table sometimes the table can grow realy fast

Actions #4

Updated by Dan Kleine (Untenzu) 27 days ago · Edited

  • Complexity changed from no-brainer to medium

Confirmed in TYPO3 11.

These warnings are only logged, the files mentioned are all loaded successfully.

The reason for this is within /typo3/cms-core/Classes/Utility/GeneralUtility.php:2317

    try {
        $fileExists = file_exists($path);
        } catch (\Throwable $e) {
        $fileExists = false;
    }

It fails, and therefore throws an error, for resources that look absolute but are relative to the web root. It then continues to resolve the path otherwise. Thats why it is indeed still working.

This error is logged every time an editor uses a part of the dashboard. This doesn't hapen too often, but still fills the syslog for no good reason.

The cause of the issue, passing the wrong path to GeneralUtility, has to be resolved within EXT:cms-dashboard.

Example: /typo3/cms-dashboard/Classes/DashboardInitializationService.php:217

if (PathUtility::isExtensionPath($cssFile)) {
    $cssFile = PathUtility::getPublicResourceWebPath($cssFile);
}

Issue #101921 shows that the same beaviour was found and resolved in ext:cms-forms, maybe it is possible to port the change to this extension as well.

Actions

Also available in: Atom PDF