Bug #17479
closedAlert in FE: "...CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir..."
0%
Description
Typo3 vers 4.11, tt_products vers. 2.6 alpha
The following message appears in FE und the look isn't very professional ;-) :
",,,
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /www/xyzurl/typo3_src/t3lib/class.t3lib_div.php on line 2356
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /www/xyzurl.de/typo3_src/t3lib/class.t3lib_div.php on line 2356
Warning: Cannot modify header information - headers already sent by (output started at /www/schmuckhamster.de/typo3_src/t3lib/class.t3lib_div.php:2356) in /www/xyzurl.de/typo3_src/typo3/sysext/cms/tslib/class.tslib_fe.php on line 2898. ..."
safe-mode is off.
open_basedir is the problem
Provider argues:
Can't open "open_basedir" for security reasons.
curl-use is maybe often necessary for install / update via repository.
(issue imported from #M5985)
Files
Updated by Martin Kutschker about 17 years ago
Since PHP 5.2.0, 5.1.5 and 4.4.4 (see PHP Changelog).
Updated by Michiel Roos almost 17 years ago
If you are trying to use CURLOPT_FOLLOWLOCATION and you get this warning:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set...
then you will want to read http://www.php.net/ChangeLog-4.php which says "Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled." as of PHP 4.4.4/5.1.5. This is due to the fact that curl is not part of PHP and doesn't know the values of open_basedir or safe_mode, so you could comprimise your webserver operating in safe_mode by redirecting (using header('Location: ...')) to "file://" urls, which curl would have gladly retrieved.
Updated by Bjrn Kraus almost 17 years ago
@Martin: There already is a bugfix since more than a month which hasn't be added to the repository. Is there any doubt in applying it?
Updated by Martin Kutschker almost 17 years ago
Björn, there is some concern that simply ignoring the failure is not a good option.
Updated by Michiel Roos almost 17 years ago
Nothing besides the tiny thread on the core mailing list. 18-10-2007
Updated by Alban Cousinie almost 17 years ago
This issue is still being encountered in version 4.1.3 even though duplicate issue 0004292 has been marked as 'resolved'. Someone please patch the main trunk.
Updated by Martin Kutschker almost 17 years ago
FYI: 4292 is resolved as duplicate, not as being fixed!
Updated by Martin Kutschker over 16 years ago
Fixed in SVN for trunk. Has been fixed in 4.1.x for a while.