open_basedir and uploads

General Interworx Control Panel Info General Inquries
1

Hello,

It’s look like there is a pbm wether in php or chroot env or in some softs.

We use open_basedir to restrict the directories a user might use.

for example
php_admin_value open_basedir “/chroot/home/webalpac:/tmp”

Some users complains for their uploads doesn’t work in some softwares like :
oscommerce
dotproject

Here is an error returned by the soft

Error: File upload not saved.

1: [client 62.147.195.25] PHP Warning: move_uploaded_file(): open_basedir restriction in effect. File(/home/webalpac/webalpa.com/html/boutique123/images/80_photo3.jpg) is not within the allowed path(s): (/chroot/home/webalpac/webalpa.com/html:/tmp) in /chroot/home/webalpac/webalpa.com/html/boutique123/admin/includes/classes/upload.php on line 94, referer: http://webalpa.com/boutique123/admin/categories.php?cPath=&action=new_product

As you can see the error say the file /home/webalpac/webalpa.com/html/boutique123/images/80_photo3.jpg is not in an allowed path, which are /chroot/home/webalpac/webalpa.com/html:/tmp

So the file is in the allowed path.

I’ve also tried to add in the open_basedir the /home/webalpac rather than /chroot/home/webalpac but the result is exactly the same.

Any ideas ?

Pascal

2

This isn’t going to b a great fix but you could probably change the oscommerce / dotproject config files to reference /chroot/home where they reference /home now. I’m not sure why PHP isn’t doing a ‘realpath’ and resolving the actual paths but the above should fix the error at least.

Chris

3

[QUOTE=IWorx-Chris;10067]This isn’t going to b a great fix but you could probably change the oscommerce / dotproject config files to reference /chroot/home where they reference /home now. I’m not sure why PHP isn’t doing a ‘realpath’ and resolving the actual paths but the above should fix the error at least.

Chris[/QUOTE]

I’ve already done this but the problem is the same. It’s look like they use move_iuploqded_file and looks like it might be a php bug.

Thanks

Pascal

4

hmm. it’s definitely possible that it’s a PHP bug. I’ve run into more bugs in the open_basedir stuff than I’d care to mention.

Chris