Project

General

Profile

Actions
Copy link

Bug #101350

open

open_basedir restriction in effect

Added by Michael Kasten 10 months ago. Updated 9 months ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
Miscellaneous
Target version:
Candidate for patchlevel
Start date:
2023-07-14
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description


TYPO3 11.5.29

Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3conf/ext/my_ext/Resources/Public/Css/facility-backend.css) is not within the allowed path(s)

this is imho an absolute path and so the error message is flooding the error log.

The css file is included by the asset viewhelper (i think with the right notation):

<f:asset.css identifier="backendfacility" href="EXT:bbb_facility/Resources/Public/Css/facility-backend.css" />

And this generates an absolut path, interesting because the general utility say some different here:

GeneralUtility.php line 2318:

$fileExists = file_exists($path);

And the $path variable comes from here: GeneralUtility.php line 2298:

if ($isFrontend) {
 // Frontend should still allow /static/myfile.css - see #98106
 // This should happen regardless of the incoming path is absolute or not
 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
} elseif (!PathUtility::isAbsolutePath($path)) {
 // Backend and non-absolute path
 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
}

So the comment say: "Backend and non-absolute path" but the resulting path is an absolute path?

And what is this condition realy about, both cases makes the same, i can not see any different?

Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowedNeeds Feedback2023-09-14

Actions
Actions
Copy link
 #1

Updated by Georg Ringer 10 months ago

  • Status changed from New to Needs Feedback

do you maybe use a / as base in the site's config

base: '/'

please test by changing to a full tld

Actions
Copy link
 #2

Updated by Michael Kasten 9 months ago

Hi Georg,

thanks for your reply, here are my answers:

No i am not using the '/' only as Basedomain, my value here is :

https://www.xxxxxx.de/

(With trailing slash because the describtion say here: "Can be https://www.example.com/ or just /")

And my used variant for the given Application/Context, has also no trailing slash:

https://www.xxxxxx.de

Taking a deeper look at the Generalutility Class file :

GenerallUtiliy.php

Debug the path:

/typo3conf/ext/bbb_facility/Resources/Public/JavaScript/facility-backend.js

(i guess this is wrong, and i dont know where comes the leading slash here?)

if ($isFrontend) = False
(right we are on the backend)

elseif (!PathUtility::isAbsolutePath($path)) = False
(right, if i only test on a leading slash)

So my asset, including with the asset viewhelper inside a backend modul is nether "frontend" nor a "relativ path", so the path wont be fixed.

Actions
Copy link
 #4

Updated by Garvin Hicking 7 months ago

  • Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Actions
Copy link

Also available in: Atom PDF