Warning: touch() [function.touch]: open_basedir restriction in effect.
File() is not within the allowed path(s):
(/var/www/vhosts/site.com/httpdocs/) in
/var/www/vhosts/site.com/httpdocs/Manuals/updater.php on line 5 There
was an error loading your Manual, please press the back button and try
again.
im trying to figure out why the heck this isn't working - currently, I am using plesk, and it is set to default, which should be working as this is within a subdirectory of the httpdocs...
any ideas?
UPDATER.PHP
<?php
// $URL="manualframe.php";
$URL=$_GET["URL"];
// header( 'Location: '.$URL.'' ) ;
if (touch($URL)) {
echo 'loading!';
} else {
echo 'There was an error loading your Manual, please press the back button and try again.';
}
echo '<meta http-equiv="refresh" content="1;URL='.$URL.'">';
?>
Would the Manuals directory be a symlink to a directory outside the webroot by any chance?
open_basedir is also in effect on symlinks within your allowed path(s).
See the PHP manual on open_basedir for more information, which states:
When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir .
Looks like PHP is running in Safe Mode. This restriction means you can't read any files outside your web root. That's probably what updater.php is trying to do.
Related
I'm currently having an issue trying to upload a file (an image) and sending it to a folder, this for a CMS/blog where people can comment and create profiles with pictures, unfortunately, XAMPP won't allow me to send it and it displays this message
`Warning: move_uploaded_file(../images/ ): failed to open stream: Permission denied in C:\xampp\htdocs\CMS\CMS_TEMPLATE\admin\includes\add_post.php on line 19
Warning: move_uploaded_file(): Unable to move 'C:\xampp\tmp\php37A6.tmp' to '../images/ ' in C:\xampp\htdocs\CMS\CMS_TEMPLATE\admin\includes\add_post.php on line 19
I know is a problem with the permission or privileges to read and change files, but even when I changed those permissions on the folder to let it write and modify files, the error messages still appear, I'm working on windows 8.1 with XAMPP and I haven't found a solution to this, it would be really helpful if anyone could help me. Also here's the code if anyone needs to see it.
<?php
if(isset($_POST['create_post'])) {
$post_title = $_POST['title'];
$post_author = $_POST['author'];
$post_category_id = $_POST['post_category_id'];
$post_status = $_POST['post_status'];
$post_image = $_FILES['post_image']['name'];
$post_image_temp = $_FILES['post_image']['tmp_name'];
$post_tags = $_POST['post_tags'];
$post_content = $_POST['post_content'];
$post_date = date('d-m-y');
$post_comment_count = 4;
move_uploaded_file($post_image_temp, "../images/ " );
}
?>
<div class="form-group">
<input type="file" class="form-control" name="post_image">
</div>
Thank you!
The function move_uploaded_file is available in
(PHP 4 >= 4.0.3, PHP 5, PHP 7, PHP 8)
and in PHP's official documentation defined as following
move_uploaded_file(string $from, string $to): bool:
This function checks to ensure that the file designated by from is a
valid upload file (meaning that it was uploaded via PHP's HTTP POST
upload mechanism). If the file is valid, it will be moved to the
filename given by to. This sort of check is especially important if
there is any chance that anything done with uploaded files could
reveal their contents to the user, or even to other users on the same
system.
This function is open_basedir aware. However, restrictions are
placed only on the to path as to allow the moving of uploaded files in
which from may conflict with such restrictions. move_uploaded_file()
ensures the safety of this operation by allowing only those files
uploaded through PHP to be moved.
Return Values
This functon returns true on success.
1. If from is not a valid upload file
Then no action will occur, and move_uploaded_file(...) will return false.
2. If from is a valid upload file, but cannot be moved for some reason
Then no action will occur, and move_uploaded_file(...) will return false. Additionally, a warning will be issued (#MiguelDavid your case).
Referring to open_basedir string
Limit the files that can be accessed by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to access the filesystem, for example using include, or fopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to access it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
open_basedir can affect more than just filesystem functions; for example if MySQL is configured to use mysqlnd drivers, LOAD DATA INFILE will be affected by open_basedir. Much of the extended functionality of PHP uses open_basedir in this way.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is a directory name, not a prefix. The default is to allow all files to be opened.
open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set(). When listing several directories, you can use the PATH_SEPARATOR constant as a separator regardless of the operating system.
Also take a look at upload_tmp_dir string
The temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as. If not specified PHP will use the system's default.
If the directory specified here is not writable, PHP falls back to the system default temporary directory. If open_basedir is on, then the system default directory must be allowed for an upload to succeed.
In your case xampp temporary directory is located:
C:\xampp\tmp and it,s also writable, so nothing to do there!
... To fix your issue / finish ...
Now that function move_uploaded_file is open_dir aware as already mentioned, give the directory for your images the appropriate owner permissions (e.g.: 0755):
../images/
This will get you out of the issue!
According to Dan Delaney on https://www.php.net/manual/en/function.move-uploaded-file.php#86332 you might need to set the "upload_tmp_dir" to an existing directory within you websites directory structure, since you are running on Windows.
Search for "upload_tmp_dir" in your php.ini file and set it to a path pointing to an existing directory:
upload_tmp_dir = "path_to_your_custom_tmp_dir"
I have a server with 30 websites.
Now I want to copy a file from site A to site B.
Code:
$sExternPath = str_replace(strtolower(SITENAME), strtolower($aBoardInfo['name']), CORE_PATH_PRIVATE);
$sNewLogo = file_get_contents(CORE_PATH_PRIVATE.'users_upload/company_logos/'.$sFileName);
//Put it in the folder
file_put_contents($sExternPath.$sFileName, $sNewLogo);
Error:
[20-Mar-2015 10:32:30] PHP Warning: file_put_contents() [function.file-put-contents]: open_basedir restriction in effect. File(/var/www/vhosts/SITEB.nl/private/logo.jpg) is not within the allowed path(s): (/var/www/vhosts/SITEA.nl/:/tmp/) in /var/www/vhosts/SITEA.nl/httpdocs/pages/login/script.php on line 1262
[20-Mar-2015 10:32:30] PHP Warning: file_put_contents(/var/www/vhosts/SITEB.nl/private/logo.jpg) [function.file-put-contents]: failed to open stream: Bewerking niet toegestaan in /var/www/vhosts/SITEA.nl/httpdocs/pages/login/script.php on line 1262
/var/www/vhosts/SITEB.nl is outside the tree set in the open_basedir setting -You need to edit your php.ini file and change the open_basedir setting to
'/var/www/vhosts/:/tmp/' rather than '/var/www/vhosts/SITEA.nl/:/tmp/' or unset it by commenting it out, then restart apache.
http://php.net/manual/en/ini.core.php#ini.open-basedir
When a script tries to access the filesystem, for example using include, or fopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to access it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir .
As per Wiris guide.
Give execution rights to the web server user on the PHP files contained at to ckeditor/plugins/ckeditor_wiris/integration.
→ My settings: Folder "integration": 755. All files inside this folder: 754
Give write permissions to ckeditor/plugins/ckeditor_wiris/cache and to ckeditor/plugins/ckeditor_wiris/formulas directories to the web server user. Those folders will be used to store formula MathML codes and temporal images.
→ My settings for these folder: 775
However, I get following warnings while trying to open Wiris "Math Popup", and doesn't open properly.
Warning: is_file(): open_basedir restriction in effect. File(/home/my_user_name/public_html/ckeditor/plugins/ckeditor_wiris/integration/../../../../../../../../lib/moodlelib.php) is not within the allowed path(s): (/home/my_user_name:/usr/lib/php:/tmp) in /home/my_user_name/public_html/ckeditor/plugins/ckeditor_wiris/integration/bootstrap.php on line 39
Warning: is_file(): open_basedir restriction in effect. File(/home/my_user_name/public_html/ckeditor/plugins/ckeditor_wiris/integration/../../../../../../lib/moodlelib.php) is not within the allowed path(s): (/home/my_user_name:/usr/lib/php:/tmp) in /home/my_user_name/public_html/ckeditor/plugins/ckeditor_wiris/integration/bootstrap.php on line 39
Are my permissions correct? Do these warnings relate to file/folder permissions? I am using www.serversfree.com webhosting to test this out.
It looks like there's an issue in your installation. Please check the plugin test page:
<url>/ckeditor/plugins/ckeditor_wiris/integration/test.php. There shouldn't be any errors there. Please review the installation instructions at http://www.wiris.com/plugins/docs/ckeditor.
Your permissions are correct. Those warnings are related to an extra check in the /integration/bootstrap.php file, it checks a directory several levels above your working directory and you're not allowed to do so due to an open_basedir restriction in your server. This issue will be fixed in our next plugin release. To supress the warning simply comment the whole bootstrap.php file or add a return true; right after <?php.
Edit: This issue is currently fixed in our latest version.
Please give permission to 777 to folder named cache and formulas
inside path
ckeditor4/plugins/ckeditor_wiris
The issue I am having is kind of amazing me, never seen something that is truly impossible happen to me before.
What I see is that when trying to access a specific file, php is making up a random filepath that is completely none existant.
$less_template = dirname(__FILE__).DIRECTORY_SEPARATOR.'less/template.less';
$css_template = dirname(__FILE__).DIRECTORY_SEPARATOR.'css/template.css';
$less_resp = dirname(__FILE__).DIRECTORY_SEPARATOR.'less/responsive.less';
$css_resp = dirname(__FILE__).DIRECTORY_SEPARATOR.'css/responsive.css';
These are where the filepaths being called are being generated.
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect.
File(/home/rem/www/outpost/ashl/templates/default/less/template.less)
is not within the allowed path(s): (/var/www/vhosts/rehost.ca/httpdocs/rehost/:/tmp/) in
/var/www/vhosts/rehost.ca/httpdocs/rehost/a/ashl/ashl/templates/default/less/lessc.inc.php
on line 1741
Now given that this error (to me anyway) is about as possible as dividing by 0, I must be totally overlooking something. This worked before but now it just does not.
To give a bit more information the filepath its looking for is from before a move. That does not change the fact to me that its impossible though as its referenced by a global constant.
Just to explain my standpoint on this, I never had this happen to me before and never thought it was possible for PHP to do such an illogical thing, so I don't even know where to start to even think about fixing it. Everything causing the error is global.
Please correct me if I am over thinking this, this is just confusing me like crazy.
NOTE:
I have attempted disabling open_basedir with no effect (according to an answer).
I have disabled any and all kinds of caching.
I have "checked" individual cache files before disabling to ensure file paths were correct (they were).
So which path is the "impossible" one? Do the files exist under /home/... or under /var/www/...? Which path are you accessing the files under?
I would assume the file exists under the /home/... path now and you have a symlink under /var/www/... that points to the /home/... path. Apache is probably pointing to the symlink in the vhost and so the file being requested by apache under /var/www/..., but really exists under /home/... which is why __FILE__ returns the actual path under /home/... (php generated this path) but is reporting that the file loaded (which it gets from apache) is under /var/www/.... This would explain why the error reports that the file being loaded exists under /var/www/... but the php constant __FILE__ reports where the actual file is located.
To fix, you should point your vhost to the right path, not a symlink. You could also add the /home/... path to the open_basedir in php.ini, but you said turning off open_basedir didn't fix the problem. You could also create your own constant and use that.
Disable the open_basedir restriction in your PHP configuration.
Im beginner in php language. in my web project i created a filepath.config.ini file which stores all file path in the website directories. for eg.
CLASS1 = bin/myclass1.php
CLASS2 = bin/myclass2.php
and im accessing those path by using:
require $_SERVER['DOCUMENT_ROOT'].'/'.GetfilePath('CLASS1');
in localhost server its working good and giving me path like this
D:/myproject/bin/myclass1.php
when i upload those file on test server im getting this open_basedir restriction error.
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/local/apache/htdocs/projectfolder/bin/myclass1.php) is not within the allowed path(s): (/home/:/usr/lib/php:/tmp)
i know we can disable this restriction...but i dont know how to do that :P.
but is it good to use this server DOCUMENT_ROOT ???
or is their any alternate way to use the file path? what you people do to access those file path.
and what happen if i disable the open_basedir restriction? is it secure to do that?
please help me what to do?
Edit your php.ini file (PHP: Configuration Changes) and either disable open_basedir or add /usr/local/apache/htdocs to it.