Project

General

Profile

Actions

Bug #101350

open

open_basedir restriction in effect

Added by Michael Kasten about 1 year ago. Updated 11 months ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
Miscellaneous
Start date:
2023-07-14
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description


TYPO3 11.5.29

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3conf/ext/my_ext/Resources/Public/Css/facility-backend.css) is not within the allowed path(s)


this is imho an absolute path and so the error message is flooding the error log.

The css file is included by the asset viewhelper (i think with the right notation):

<f:asset.css identifier="backendfacility" href="EXT:bbb_facility/Resources/Public/Css/facility-backend.css" />

And this generates an absolut path, interesting because the general utility say some different here:

GeneralUtility.php line 2318:

$fileExists = file_exists($path);

And the $path variable comes from here: GeneralUtility.php line 2298:

if ($isFrontend) {
 // Frontend should still allow /static/myfile.css - see #98106
 // This should happen regardless of the incoming path is absolute or not
 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
} elseif (!PathUtility::isAbsolutePath($path)) {
 // Backend and non-absolute path
 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
}

So the comment say: "Backend and non-absolute path" but the resulting path is an absolute path?

And what is this condition realy about, both cases makes the same, i can not see any different?


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowedClosed2023-09-14

Actions
Related to TYPO3 Core - Bug #98330: PHP warning log with EXT-syntax using asset vh in BEClosed2022-09-12

Actions
Actions #1

Updated by Georg Ringer about 1 year ago

  • Status changed from New to Needs Feedback

do you maybe use a / as base in the site's config

base: '/'

please test by changing to a full tld

Actions #2

Updated by Michael Kasten 11 months ago

Hi Georg,

thanks for your reply, here are my answers:

No i am not using the '/' only as Basedomain, my value here is :

https://www.xxxxxx.de/

(With trailing slash because the describtion say here: "Can be https://www.example.com/ or just /")

And my used variant for the given Application/Context, has also no trailing slash:

https://www.xxxxxx.de

Taking a deeper look at the Generalutility Class file :

GenerallUtiliy.php

Debug the path:

/typo3conf/ext/bbb_facility/Resources/Public/JavaScript/facility-backend.js

(i guess this is wrong, and i dont know where comes the leading slash here?)

if ($isFrontend) = False
(right we are on the backend)

elseif (!PathUtility::isAbsolutePath($path)) = False
(right, if i only test on a leading slash)

So my asset, including with the asset viewhelper inside a backend modul is nether "frontend" nor a "relativ path", so the path wont be fixed.

Actions #4

Updated by Garvin Hicking 10 months ago

  • Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Actions #5

Updated by Georg Ringer about 2 months ago

  • Related to Bug #98330: PHP warning log with EXT-syntax using asset vh in BE added
Actions

Also available in: Atom PDF