Peper Posted October 29, 2018 Share Posted October 29, 2018 Hope anyone can help Posting this in general support, still same issue with all the files containing this code. In my configure file is define('DIR_FS_CATALOG', '/usr/www/users/alarmspggy/'); I tried using instead of DIR_FS_CATALOG to '..' The notice disappears but cannot selecting pages for this function - clears all names after pressing save Hosting support said i have to fix code, not allowed the following code gives error in admin side: open_basedir restriction in effect Warning: is_dir(): open_basedir restriction in effect. File(/usr/www/users/mspggy/..) is not within the allowed path(s): (/usr/www/wwws/users/mspggy:/usr/wwws/users/mspggy:/usr/www/users/mspggy:/usr/home/mspggy:/usr/local/rmagic:/usr/www/users/he/_system_:/usr/share/php:/usr/local/lib/php:/tmp:/usr/bin:/usr/local/bin:/usr/local/share/www:/usr/www/share/www:/usr/share/misc:/dev/urandom) in /usr/www/users/mspggy/includes/modules/content/header/cm_header_holiday.php on line 139 - if (!is_dir(DIR_FS_CATALOG . $file)) { This started happening after i changed to a new server with tighter security, any possible workaround for this? Also noticed there's a couple modules with this code $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.')); $files_array = array(); if ($dir = @dir(DIR_FS_CATALOG)) { while ($file = $dir->read()) { if (!is_dir(DIR_FS_CATALOG . $file)) { if (substr($file, strrpos($file, '.')) == $file_extension) { $files_array[] = $file; } } } sort($files_array); $dir->close(); } Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
MrPhil Posted October 29, 2018 Share Posted October 29, 2018 What are you trying to accomplish by adding ".." to your DIR_FS_CATALOG? Did you replace /usr/www/users/alarmspggy with .., or append it to the end (as the error message seems to say)? The .. will take you back to /usr/www/users/, which is not a valid place for you to be reading or writing files. /usr/www/users/alarmspggy is not listed as an allowable path, but /usr/www/users/mspggy is... did you get an error with it? Did someone make a mistake in configuring the system? Link to comment Share on other sites More sharing options...
Peper Posted October 30, 2018 Author Share Posted October 30, 2018 Hello @MrPhil, thanks for insight I know the code was and is working fine - only my side and have no access to server config. i can pm you all the paths for open_basedir as i tried a couple of them I have added the ... to path and no error: if (!is_dir(DIR_FS_CATALOG . '..' . $file)) { However the saving part is not playing along. Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
MrPhil Posted October 30, 2018 Share Posted October 30, 2018 OK, "alar" was a typo or something, and the name we're using is "mspggy" (I see it as "Miss Piggy", from the Muppets). Carrying on... File(/usr/www/users/mspggy/..) is not within the allowed path(s): should be quite self-explanatory -- you are trying to read or write files in /usr/www/users/, which is not in the list of allowed path roots (basedirs). If your account is, in fact, /usr/www/users/mspggy/, a DIR_FS_CATALOG with that string should work. Possibly you are running into problems because the second entry for any directory will be "..", which means you will be querying /usr/www/users/mspggy/.., which will be not allowed. Try this: test if $file is "." or ".." and if it is, bypass it: $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.')); $files_array = array(); if ($dir = @dir(DIR_FS_CATALOG)) { while ($file = $dir->read()) { if ($file == '.' || $file == '..') continue; // new line to bypass . and .. if (!is_dir(DIR_FS_CATALOG . $file)) { if (substr($file, strrpos($file, '.')) == $file_extension) { $files_array[] = $file; } } } sort($files_array); $dir->close(); } Failing to check for (and skip) . and .. was just sloppy coding on someone's part. Link to comment Share on other sites More sharing options...
Peper Posted November 2, 2018 Author Share Posted November 2, 2018 Thanks Phil This dir file checking is now working perfect without spewing out errors, i will change all files with this code to yours. When saving, the selected file options was not being saved However, i found ckeditor interfered here. Once ckeditor was disabled i was able to select files and save correctly. Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
MrPhil Posted November 2, 2018 Share Posted November 2, 2018 Sounds good, glad to have helped. Any place the code reads a directory, it should check for . and .. entries, and skip them. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.