Bug #100021
openIncorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings
0%
Description
When I upgraded to TYPO3 10.4.36 I started getting open_basedir warnings. I think the problem is that the file is being absolutely referenced (e.g. /typo3/sysext/…) instead of relatively referenced (e.g. typo3/sysext/…) or absolutely with the actual project root path prepended to it (e.g. /var/www/typo3/sysext/…).
Warning when I click on Dashboard in the backend sidebar menu...
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3/sysext/dashboard/Resources/Public/Css/dashboard.css) is not within the allowed path(s): ...
Warning when I click on View in the backend sidebar menu...
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3/sysext/viewpage/Resources/Public/Css/ui-lightness/jquery-ui-1.10.3.custom.min.css) is not within the allowed path(s): ...
Another person report this warning but don't know what they clicked on to get there...
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3/sysext/dashboard/Resources/Public/Css/Contrib/chart.css) is not within the allowed path(s): ...
You can see there are several of us that have had this issue, see https://typo3.slack.com/archives/C025BQLFA/p1676556205848739.
Updated by Garvin Hicking about 1 year ago
- Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Updated by Roman Teitge 12 months ago · Edited
I can confirm this in Typo3 v10.4.42 not for dashboard but for a 3rd party extension (I think cause and effect are the same):
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect.
File(/typo3conf/ext/my_ext/Resources/Public/StyleSheet/PageLayout.css) is not within the allowed path(s):
(/var/www/html:/dev/random:/dev/urandom:/tmp)
in /var/www/html/web/typo3/sysext/core/Classes/Utility/GeneralUtility.php line 2469
But: These warnings are only logged. they have no influence on the system, as the files mentioned are all loaded successfully.
Updated by Michael Kasten 10 months ago
I can confirm this for TYPO3 v 11.5.33 (using PHP 8.0) and also for third party extensions.
It is clear that these warnings are just logged, but dont underestimate this Problem:
1) you will see real Problems in the sys_log table
2) If you don't care about your sys_log table sometimes the table can grow realy fast
Updated by Dan Kleine (Untenzu) 6 months ago · Edited
- Complexity changed from no-brainer to medium
Confirmed in TYPO3 11.
These warnings are only logged, the files mentioned are all loaded successfully.
The reason for this is within /typo3/cms-core/Classes/Utility/GeneralUtility.php:2317
try { $fileExists = file_exists($path); } catch (\Throwable $e) { $fileExists = false; }
It fails, and therefore throws an error, for resources that look absolute but are relative to the web root. It then continues to resolve the path otherwise. Thats why it is indeed still working.
This error is logged every time an editor uses a part of the dashboard. This doesn't hapen too often, but still fills the syslog for no good reason.
The cause of the issue, passing the wrong path to GeneralUtility, has to be resolved within EXT:cms-dashboard.
Example: /typo3/cms-dashboard/Classes/DashboardInitializationService.php:217
if (PathUtility::isExtensionPath($cssFile)) { $cssFile = PathUtility::getPublicResourceWebPath($cssFile); }
Issue #101921 shows that the same beaviour was found and resolved in ext:cms-forms, maybe it is possible to port the change to this extension as well.
Updated by Garvin Hicking 4 months ago
- Related to Bug #101350: open_basedir restriction in effect added
Updated by Garvin Hicking 4 months ago
- Related to Bug #101778: Configuration Presets open_basedir added
Updated by Garvin Hicking 4 months ago
- Category set to System/Bootstrap/Configuration
- Tags set to open_basedir
Updated by Garvin Hicking 4 months ago
- Related to Bug #102736: Install Tool Configuration Presets broken for image handling settings with debug mode enabled added