Bug #101350
open
open_basedir restriction in effect
0%
Description
TYPO3 11.5.29
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3conf/ext/my_ext/Resources/Public/Css/facility-backend.css) is not within the allowed path(s)
this is imho an absolute path and so the error message is flooding the error log.
The css file is included by the asset viewhelper (i think with the right notation):
<f:asset.css identifier="backendfacility" href="EXT:bbb_facility/Resources/Public/Css/facility-backend.css" />
And this generates an absolut path, interesting because the general utility say some different here:
GeneralUtility.php line 2318:
$fileExists = file_exists($path);
And the $path variable comes from here: GeneralUtility.php line 2298:
if ($isFrontend) {
// Frontend should still allow /static/myfile.css - see #98106
// This should happen regardless of the incoming path is absolute or not
$path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
} elseif (!PathUtility::isAbsolutePath($path)) {
// Backend and non-absolute path
$path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
}
So the comment say: "Backend and non-absolute path" but the resulting path is an absolute path?
And what is this condition realy about, both cases makes the same, i can not see any different?
Updated by Georg Ringer over 1 year ago
- Status changed from New to Needs Feedback
do you maybe use a / as base in the site's config
base: '/'
please test by changing to a full tld
Updated by Michael Kasten over 1 year ago
Hi Georg,
thanks for your reply, here are my answers:
No i am not using the '/' only as Basedomain, my value here is :
(With trailing slash because the describtion say here: "Can be https://www.example.com/ or just /")
And my used variant for the given Application/Context, has also no trailing slash:
Taking a deeper look at the Generalutility Class file :
GenerallUtiliy.php
Debug the path:
/typo3conf/ext/bbb_facility/Resources/Public/JavaScript/facility-backend.js
(i guess this is wrong, and i dont know where comes the leading slash here?)
if ($isFrontend) = False
(right we are on the backend)
elseif (!PathUtility::isAbsolutePath($path)) = False
(right, if i only test on a leading slash)
So my asset, including with the asset viewhelper inside a backend modul is nether "frontend" nor a "relativ path", so the path wont be fixed.
Updated by Michael Kasten over 1 year ago
related issue https://forge.typo3.org/issues/98330
Updated by Garvin Hicking about 1 year ago
- Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Updated by Georg Ringer 6 months ago
- Related to Bug #98330: PHP warning log with EXT-syntax using asset vh in BE added
Updated by Andreas Kießling 4 months ago
I get that error in v12 in backend context as well with e.g.
https://github.com/buepro/typo3-container_elements/blob/3b1af73452c71339f3336cd94780f8261f18d059/Sysext/backend/Resources/Private/Partials/PageLayout/Record/ContainerHeader.html#L63
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/_assets/cb4d62edce3401cc0966ebab1ff9bc68/Sysext/backend/JavaScript/LayoutModule/collapsible-content-element.js) is not within the allowed path(s):
Updated by Garvin Hicking 4 months ago
- Related to Bug #100021: Incorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings added
Updated by Garvin Hicking 28 days ago
- Related to Bug #105424: Open Basdir SVG Icons added
Updated by Garvin Hicking 28 days ago
- Status changed from Needs Feedback to Accepted