Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

open_basedir restriction


Peper

Recommended Posts

Hope anyone can help

Posting this in general support, still same issue with all the files containing this code.

In my configure file is   define('DIR_FS_CATALOG', '/usr/www/users/alarmspggy/');

I tried using instead of DIR_FS_CATALOG to  '..'

The notice disappears but cannot selecting pages for this function - clears all names after pressing save

Hosting support said i have to fix code, not allowed

the following code gives error in admin side: open_basedir restriction in effect

Warning: is_dir(): open_basedir restriction in effect. File(/usr/www/users/mspggy/..) is not within the allowed path(s): (/usr/www/wwws/users/mspggy:/usr/wwws/users/mspggy:/usr/www/users/mspggy:/usr/home/mspggy:/usr/local/rmagic:/usr/www/users/he/_system_:/usr/share/php:/usr/local/lib/php:/tmp:/usr/bin:/usr/local/bin:/usr/local/share/www:/usr/www/share/www:/usr/share/misc:/dev/urandom) in /usr/www/users/mspggy/includes/modules/content/header/cm_header_holiday.php on line 139 - if (!is_dir(DIR_FS_CATALOG . $file)) {

This started happening after i changed to a new server with tighter security, any possible workaround for this?

Also noticed there's a couple modules with this code

    $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
    $files_array = array();
	  if ($dir = @dir(DIR_FS_CATALOG)) {
	    while ($file = $dir->read()) {
	      if (!is_dir(DIR_FS_CATALOG . $file)) {
	        if (substr($file, strrpos($file, '.')) == $file_extension) {
            $files_array[] = $file;
          }
        }
      }
      sort($files_array);
      $dir->close();
    }

Getting the Phoenix off the ground

Link to comment
Share on other sites

What are you trying to accomplish by adding ".." to your DIR_FS_CATALOG? Did you replace /usr/www/users/alarmspggy with .., or append it to the end (as the error message seems to say)? The .. will take you back to /usr/www/users/, which is not a valid place for you to be reading or writing files. /usr/www/users/alarmspggy is not listed as an allowable path, but /usr/www/users/mspggy is... did you get an error with it? Did someone make a mistake in configuring the system?

Link to comment
Share on other sites

Hello @MrPhil, thanks for insight

I know the code was and is working fine - only my side and have no access to server config. i can pm you all the paths for open_basedir as i tried a couple of them

I have added the ... to path and no error: if (!is_dir(DIR_FS_CATALOG . '..' . $file)) {

However the saving part is not playing along.

ex.jpg.da888b9b2c3cc9eac4c4372bd46d0c57.jpg

Getting the Phoenix off the ground

Link to comment
Share on other sites

OK, "alar" was a typo or something, and the name we're using is "mspggy" (I see it as "Miss Piggy", from the Muppets). Carrying on...

File(/usr/www/users/mspggy/..) is not within the allowed path(s): should be quite self-explanatory -- you are trying to read or write files in /usr/www/users/, which is not in the list of allowed path roots (basedirs). If your account is, in fact, /usr/www/users/mspggy/, a DIR_FS_CATALOG with that string should work. Possibly you are running into problems because the second entry for any directory will be "..", which means you will be querying /usr/www/users/mspggy/.., which will be not allowed.

Try this: test if $file is "." or ".." and if it is, bypass it:

    $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
    $files_array = array();
	  if ($dir = @dir(DIR_FS_CATALOG)) {
	    while ($file = $dir->read()) {
          if ($file == '.' || $file == '..') continue;  // new line to bypass . and ..
	      if (!is_dir(DIR_FS_CATALOG . $file)) {
	        if (substr($file, strrpos($file, '.')) == $file_extension) {
            $files_array[] = $file;
          }
        }
      }
      sort($files_array);
      $dir->close();
    }

Failing to check for (and skip) . and .. was just sloppy coding on someone's part.

Link to comment
Share on other sites

Thanks Phil

This dir file checking is now working perfect without spewing out errors, i will change all files with this code to yours.

When saving, the selected file options was not being saved

However, i found ckeditor interfered here. Once ckeditor was disabled i was able to select files and save correctly.

Getting the Phoenix off the ground

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...