Bug #101350
closed
open_basedir restriction in effect
100%
Description
TYPO3 11.5.29
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/typo3conf/ext/my_ext/Resources/Public/Css/facility-backend.css) is not within the allowed path(s)
This is IMHO an absolute path, and so the error message is flooding the error log.
The CSS file is included by the asset ViewHelper (I think with the right notation):
<f:asset.css identifier="backendfacility" href="EXT:bbb_facility/Resources/Public/Css/facility-backend.css" />
And this generates an absolute path, which is interesting because the GeneralUtility says something different here:
GeneralUtility.php line 2318:
$fileExists = file_exists($path);
And the $path variable comes from here: GeneralUtility.php line 2298:
if ($isFrontend) {
    // Frontend should still allow /static/myfile.css - see #98106
    // This should happen regardless of the incoming path is absolute or not
    $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
} elseif (!PathUtility::isAbsolutePath($path)) {
    // Backend and non-absolute path
    $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $path);
}
So the comment says: "Backend and non-absolute path", but the resulting path is an absolute path?
And what is this condition really about? Both cases do the same; I cannot see any difference.
Updated by Georg Ringer almost 2 years ago
- Status changed from New to Needs Feedback
Do you maybe use a / as base in the site's config?
base: '/'
Please test by changing to a full TLD.
Updated by Michael Kasten almost 2 years ago
Hi Georg,
thanks for your reply, here are my answers:
No, I am not using only the '/' as base domain; my value here is:
(With trailing slash because the description says here: "Can be https://www.example.com/ or just /")
And my used variant for the given Application/Context also has no trailing slash:
Taking a deeper look at the GeneralUtility class file:
GeneralUtility.php
Debug the path:
/typo3conf/ext/bbb_facility/Resources/Public/JavaScript/facility-backend.js
(I guess this is wrong, and I don't know where the leading slash comes from here?)
if ($isFrontend) = False
(right we are on the backend)
elseif (!PathUtility::isAbsolutePath($path)) = False
(right, if I only test on a leading slash)
So my asset, included with the asset ViewHelper inside a backend module, is neither "frontend" nor a "relative path", so the path won't be fixed.
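Added example, not part of the thread and not TYPO3 core code: a stand-alone PHP sketch of the branch walked through above, showing why a web path with a leading slash reaches file_exists() unchanged in the backend and lands outside open_basedir. The function names, the simplified absolute-path test and the sample directories are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified stand-in for PathUtility::isAbsolutePath(): leading slash only.
function isAbsolutePathSketch(string $path): bool
{
    return strpos($path, '/') === 0;
}

// Mirrors the quoted branch: only frontend or non-absolute paths get rebased.
function resolveLikeQuotedBranch(string $path, bool $isFrontend, string $scriptDir): string
{
    if ($isFrontend || !isAbsolutePathSketch($path)) {
        return rtrim($scriptDir, '/') . '/' . ltrim($path, '/');
    }
    return $path; // backend + leading slash: reaches file_exists() unchanged
}

// Lexical check against an open_basedir value; no symlink or "." handling.
function isWithinOpenBasedir(string $path, string $openBasedir): bool
{
    if ($openBasedir === '') {
        return true; // no restriction configured
    }
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $allowed) {
        if ($allowed !== '' && strpos($path . '/', rtrim($allowed, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Hypothetical guard: never hand file_exists() a path PHP would reject.
// In real use, pass (string)ini_get('open_basedir') as $openBasedir.
function fileExistsWithinBasedir(string $path, string $openBasedir): bool
{
    return isWithinOpenBasedir($path, $openBasedir) && file_exists($path);
}

// Constructed sample values, not taken from the reporter's system.
$openBasedir = implode(PATH_SEPARATOR, ['/var/www/site', '/tmp']);
$scriptDir = '/var/www/site/public';
$webPath = '/typo3conf/ext/bbb_facility/Resources/Public/Css/facility-backend.css';

foreach (['frontend' => true, 'backend' => false] as $context => $isFrontend) {
    $resolved = resolveLikeQuotedBranch($webPath, $isFrontend, $scriptDir);
    $state = isWithinOpenBasedir($resolved, $openBasedir) ? 'inside' : 'outside';
    printf("%-8s %s (%s open_basedir)\n", $context, $resolved, $state);
}
```

With these sample values the frontend branch yields a path under /var/www/site/public, while the backend branch leaves /typo3conf/... rooted at the filesystem root, which is the case that produces the logged warning.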
Updated by Michael Kasten almost 2 years ago
related issue https://forge.typo3.org/issues/98330
Updated by Garvin Hicking over 1 year ago
- Related to Bug #101921: open_basedir restriction in effect. File(/typo3/sysext/form/Resources/Public/Css/form.css) is not within the allowed added
Updated by Georg Ringer about 1 year ago
- Related to Bug #98330: PHP warning log with EXT-syntax using asset vh in BE added
Updated by Andreas Kießling 11 months ago
I get that error in v12 in backend context as well with e.g.
https://github.com/buepro/typo3-container_elements/blob/3b1af73452c71339f3336cd94780f8261f18d059/Sysext/backend/Resources/Private/Partials/PageLayout/Record/ContainerHeader.html#L63
Core: Error handler (BE): PHP Warning: file_exists(): open_basedir restriction in effect. File(/_assets/cb4d62edce3401cc0966ebab1ff9bc68/Sysext/backend/JavaScript/LayoutModule/collapsible-content-element.js) is not within the allowed path(s):
Updated by Garvin Hicking 11 months ago
- Related to Bug #100021: Incorrect path because of absolutely reference file(s) in typo3/cms-dashboard plus it causes open_basedir warnings added
Updated by Garvin Hicking 8 months ago
- Related to Bug #105424: Open Basdir SVG Icons added
Updated by Garvin Hicking 8 months ago
- Status changed from Needs Feedback to Accepted
Updated by Michael Kasten 6 months ago
- Priority changed from Should have to Must have
- TYPO3 Version changed from 11 to 12
I have to clarify this problem here, because I guess it is not a question about relative or absolute paths.
I think that the test whether the file exists or not is already a violation of the open_basedir restrictions.
From my point of view this is an issue about system stability, because these messages are flooding the database table!
I have now changed the priority to Must have and changed the TYPO3 version to 12 (the problem exists here also).
This is related to
https://forge.typo3.org/issues/100021
https://forge.typo3.org/issues/102736
Maybe it would be a better way to test explicitly for a configured path without any (non-existing or maybe existing) other paths?
Updated by Garvin Hicking 6 months ago
- Related to Bug #102736: Install Tool Configuration Presets broken for image handling settings with debug mode enabled added
Updated by Benni Mack 2 months ago
Hey,
I just created this patch - does this solve your problem as well? https://review.typo3.org/c/Packages/TYPO3.CMS/+/87224
Updated by Gerrit Code Review 2 months ago
- Status changed from Accepted to Under Review
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87224
Updated by Gerrit Code Review 2 months ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87224
Updated by Gerrit Code Review 2 months ago
Patch set 1 for branch 13.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89013
Updated by Benni Mack 2 months ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset f9b7050165e90d9aee95b224d48c59dd03853b3d.