Project

General

Profile

Actions
Copy link

Bug #20656

closed

t3lib_cache_backend_FileBacked violates open_basedir_restrictions

Added by Nikolas Hagelstein almost 15 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Rupert Germann
Category:
Caching
Target version:
-
Start date:
2009-06-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

t3lib_cache_backend_FileBacked::set violates open_basedir_restrictions due to the fact that it tries to travers the cacheEntryPath from the very beginning using t3lib_div::mkdir_deep. Mkdir checks every part of the whole path for existens (is_dir) which obviosly fails when open base dir restrictions take place.

A common practice is to put all vhost beyond a certain directory usually /var/www/virtual or similar.

In this case mkdir_deep will fail at "/var" since open base_dir_restrictions are preventing it from accessing that directory (which is a good idea in general)

Currently the only workarround i am aware of is to add /var (or whatever) to "open base dir" which obviosly raises security issues.

Note: this error is pretty tricky to reproduce under certain circumstances ( if eaccelerator is enabled). Instead of "could not create cache directory' you will receive a Tx_Fluid_Core_ParsingException complaining about missing reflection information. To get the actuall error message clean the eAccelerator cache, stop/start the apache, clear the T3 cache and hit your webbrowser's reload button ;).
(issue imported from #M11386)

Files

Download all files
filebackend_mkdir_deep_patch.diff (857 Bytes) filebackend_mkdir_deep_patch.diff Administrator Admin, 2009-07-15 13:54
11386_v2.diff (7.65 KB) 11386_v2.diff Administrator Admin, 2009-11-05 15:44
11386_v4.diff (9.64 KB) 11386_v4.diff Administrator Admin, 2010-03-30 23:34

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #22333: Cache framework FileBackend doesn't work on windows when configured with absolute pathsClosedSteffen Kamper2010-03-26

Actions
Actions
Copy link
 #1

Updated by Nikolas Hagelstein almost 15 years ago

Perhaps it's a good idea to remove the TYPO3 docroot from the mkdir_deep check since it should exist anyway. Would increase the function's overall performance as well ;).

Actions
Copy link
 #2

Updated by Ruetschi Romain almost 15 years ago

The patch I just attached is not complete, sorry.
There is another call to t3lib_div::mkdir_deep which needs to be fixed.
It may be be better to change $this->root from '/' to PATH_site instead of supplying PATH_site to t3lib_div::mkdir_deep.

Anyway, I think the best solution is Nikolas one.

Actions
Copy link
 #3

Updated by Christian Kuhn over 14 years ago

Confirmed.

IMHO $this->root in t3lib_cache_backend_FileBacked should be changed from / to PATH_site or something.

Actions
Copy link
 #4

Updated by Rupert Germann over 14 years ago

I attached a new patch which fixes the problem also under windows and for relative and absolute paths.

Actions
Copy link
 #5

Updated by Steffen Kamper about 14 years ago

Committed v4 to svn
4_3 rev 7226
trunk rev 7227

Actions
Copy link

Also available in: Atom PDF