Bug #18520

indexing of external files may be prevented by php's open_basedir restriction

Added by Daniel Chabrol over 13 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Indexed Search
Target version:
-
Start date:
2008-03-31
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

class.external_parser.php tries to check the existence with is_file(). This fails in my case because of an existing open-basedir-restriction in php.

The attached patch fixes this problem by disabling the check if an open_basedir restriction is in effect (which is already done this way if you have safe_mode on)
(issue imported from #M7969)


Files

class.external_parser.php.diff (716 Bytes) class.external_parser.php.diff Administrator Admin, 2008-03-31 13:11
debug_is_tt_news.html (98.6 KB) debug_is_tt_news.html Administrator Admin, 2009-10-12 11:21
bug7969_version2.diff (3.35 KB) bug7969_version2.diff Administrator Admin, 2010-04-09 15:42
indexed_search_7969_t3_42.patch (3.41 KB) indexed_search_7969_t3_42.patch Administrator Admin, 2011-01-18 13:57
indexed_search_7969_t3_43-44.patch (3.47 KB) indexed_search_7969_t3_43-44.patch Administrator Admin, 2011-01-18 13:57
indexed_search_7969_t3_trunk.patch (3.61 KB) indexed_search_7969_t3_trunk.patch Administrator Admin, 2011-01-18 13:57
indexed_search_7969_t3_45.patch (3.42 KB) indexed_search_7969_t3_45.patch Administrator Admin, 2011-02-08 15:34

Related issues

Related to TYPO3 Core - Bug #25699: indexing of external files may be prevented by php's open_basedir restriction (Bug 18520 in core)Closed2011-04-01

Actions
Related to TYPO3 Core - Bug #64882: open_basedir restriction in effectClosed2015-02-05

Actions
#1

Updated by Daniel Chabrol over 13 years ago

Oops part of sentence missing:
class.external_parser.php tries to check the existence * of external parsers * with is_file().

#2

Updated by Schmid Valentin over 12 years ago

The patch is incomplete. You need to replace all occurrences of
if (ini_get('safe_mode') ||
with
if (ini_get('safe_mode') || ini_get('open_basedir') ||
in the file class.external_parser.php

#3

Updated by Jonas Felix almost 12 years ago

this is a anyoing problem, becase indexed_search wont work on any hosting with openbasedir settings...

#4

Updated by eric almost 12 years ago

sorry i've added a file by error
debug_is_tt_news.html must be removed from here

#5

Updated by Christian Hernmarck over 11 years ago

This bug is really annoying.

I completed the patch from above as adviced by Valentin.

Please check and vote for inclusion into trunk...

#6

Updated by Christian Hernmarck about 11 years ago

no news?
no one who can put this into the trunk?

#7

Updated by Dmitry Dulepov about 11 years ago

Christian, did you send it to the core list for inclusion to trunk? ;)

#8

Updated by Christian Hernmarck about 11 years ago

Hi Dimitry

no sorry - didn't have the time to do this - we need several patch files (slightly different) for the different TYPO3 versions.
I'm very busy theese months... hope I can do it later.

If someone else can send the patches there - I'm also happy - of course... :-)

The solution
- if (ini_get('safe_mode') || (@is_file(...
+ if (ini_get('safe_mode') || ini_get('open_basedir') || (@is_file(...

is working good in our environment (php with fastcgi, safe_mode off, open_basedir set).

Regards Christian

#9

Updated by Christian Hernmarck almost 11 years ago

ok, I sent it to the core list...

hopefully someone can adopt it to the trunk (there's a difference to 4_3+4_4)

#10

Updated by Christian Hernmarck over 10 years ago

I uploaded the three patches also here - so that others can use them - until they are integrated in the official packages...
One for TYPO3 4.2, one for 4.3 and 4.4 and one for the actual trunk....

Hoping that they are accepted soon.... :-)

/Ch

#11

Updated by Christian Kuhn over 10 years ago

sure latest patch in core list works? I didn't test, but open_basedir is no boolean flag, but a colon separated list of accessible pathes ... probably latest patch handles this a bit naive, am I wrong?

#12

Updated by Christian Hernmarck over 10 years ago

sorry - the patch for the trunk is not testet - and you seem to be right...

maybe I use the old-fashioned way "if ini_get('open_basedir')" and if someone wants to use the new t3lib_utility_php thing then he needs to add some methods to this class...

What do you think?

The patches for 42 till 44 are working - I use them after every TYPO3 Update (sonce a few months...)

/Ch

#13

Updated by Christian Hernmarck over 10 years ago

ah - you're the author of this new utility class... :-)
please add a method to check if the option is set or not.... - I'll change the patch. Okay?

Grüessli Christian

#14

Updated by Christian Hernmarck over 10 years ago

You'll find a new patch for TYPO3 4.5 and trunk

#15

Updated by Alexander Opitz about 7 years ago

  • Description updated (diff)
  • Status changed from New to Needs Feedback
  • Target version deleted (0)
  • TYPO3 Version set to 4.5
  • Is Regression set to No

Hi,

as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (4.5.35 or 6.2.4)?

#16

Updated by Christian Hernmarck about 7 years ago

Yes - at least 4.5.35...

just removed the @ infront of the "is_file()" calls...

[15-Jul-2014 22:58:04] http://dev.XXX.com/ - Core: Error handler (FE): PHP Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/unzip) is not within the allowed path(s): (/var/www/virtual/xxx.com/:/usr/share/php/:/var/www/webapps/) in /var/www/webapps/typo3/typo3_src-4.5.35_org/typo3/sysext/indexed_search/class.external_parser.php line 175

[15-Jul-2014 22:58:04] http://dev.XXX.com/ - Core: Error handler (FE): PHP Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/unrtf) is not within the allowed path(s): (/var/www/virtual/xxx.com/:/usr/share/php/:/var/www/webapps/) in /var/www/webapps/typo3/typo3_src-4.5.35_org/typo3/sysext/indexed_search/class.external_parser.php line 185

adding "|| ini_get('open_basedir') " to all theese lines still solves the problem..

eg.
instead of
if ($safeModeEnabled || @is_file($unzipPath . 'unzip' . $exe)) {
better:
if ($safeModeEnabled || ini_get('open_basedir') || @is_file($unzipPath . 'unzip' . $exe)) {

/Christian

#17

Updated by Alexander Opitz about 7 years ago

  • Status changed from Needs Feedback to New
#18

Updated by Riccardo De Contardi almost 6 years ago

  • Status changed from New to Closed

This seems to be solved since 6.2.9, see #25699, so I am closing it.

Otherwise, if you desperately need this fixed on 4.5.x, consider either subscribing to an 4.5 ELTS plan or (in case you already have subscribed) get in contact with Anja Leichsenring () and mention this ticket.

Also available in: Atom PDF