open_basedir exception in Attachment admin page

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Ideas Centre
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Locked
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

open_basedir exception in Attachment admin page

Post by gsmaclean »

Support Request Template
What version of phpBB are you using? phpBB 3.1.3
What is your board's URL? http://goldwingdocs.com/forum
Who do you host your board with? Self hosted
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Update from a previous version of phpBB3
Is registration required to reproduce this issue? No
Do you have any MODs installed? No
What version of phpBB3 did you update from? phpBB 3.0.11
What styles do you currently have installed? Prosilver
What language(s) is your board currently using? English
Which database type/version are you using? MS SQL Server
What is your level of experience? Experienced with PHP and phpBB
When did your problem begin? With new upgrade
Please describe your problem. I have open_basedir defined in php.ini to restrict access by PHP to specific directories. The /forum/adm/index.php?i=acp_attachments page fails with a 330 error when GZIP is enabled. When GZIP is disabled, it is obvious the reason for the failure is errors appearing at the top of the page:

Code: Select all

    [phpBB Debug] PHP Warning: in file [ROOT]/includes/functions_acp.php on line 571: file_exists(): open_basedir restriction in effect. File(./../C:/Program Files (x86)/ImageMagick-6.8.7-Q16/) is not within the allowed path(s)

    [phpBB Debug] PHP Warning: in file [ROOT]/includes/functions_acp.php on line 576: file_exists(): open_basedir restriction in effect. File(./../C:/Program Files (x86)/ImageMagick-6.8.7-Q16/) is not within the allowed path(s)
This is due to the page attempting to determine whether convert.exe is in fact in the directory specified with a file_exists(). I'm not about to open my basedir to allow PHP to have file access to directories that contain executables, that is a huge security risk. How do we get around this issue?
Generated by SRT Generator
User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10423
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: open_basedir exception in Attachment admin page

Post by Noxwizard »

Try this:

Open: /includes/functions_acp.php
Find: (line 571)

Code: Select all

if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
Replace with:

Code: Select all

if (!@file_exists($phpbb_root_path . $cfg_array[$config_name]))
Find: (line 576)

Code: Select all

if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
Replace with:

Code: Select all

if (@file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

The changes you gave do in fact stop the errors from occurring, so the page will render, but the issue still exists. Visiting the page shows the warning:
Warning.gif
Warning.gif (8.47 KiB) Viewed 882 times
This path definitely exists, and it contains the convert.exe executable.
Convert.GIF
Convert.GIF (2.2 KiB) Viewed 882 times
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52301
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: open_basedir exception in Attachment admin page

Post by Brf »

It exists, but you have blocked access to it...
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

Brf wrote:It exists, but you have blocked access to it...
It doesn't matter what I put in open_basedir - I've even disabled open_basedir altogether (commented it out in php.ini), but it still doesn't find it.
rxu
Extensions Development Team
Posts: 3467
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: open_basedir exception in Attachment admin page

Post by rxu »

Are you sure the webserver is allowed to access the program files folder?
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

rxu wrote:Are you sure the webserver is allowed to access the program files folder?
I tried disabling base_opendirs, then temporarily ran the application pool under the administrator account as a test. It still was unable to "see" the directory.
rxu
Extensions Development Team
Posts: 3467
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: open_basedir exception in Attachment admin page

Post by rxu »

gsmaclean wrote:I tried disabling base_opendirs, then temporarily ran the application pool under the administrator account as a test. It still was unable to "see" the directory.
What application? Do you mean Apache binaries (what server btw?) or something else?
The problem seems to be the webserver has no access to the c:\progeram files (x86) folder.
Another question is why is it needed at all - is imagemagik installed properly? Do you have imagik dll file in PHP ext folder (f.e. see this tutorial)?
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

rxu wrote:
gsmaclean wrote:I tried disabling base_opendirs, then temporarily ran the application pool under the administrator account as a test. It still was unable to "see" the directory.
What application? Do you mean Apache binaries (what server btw?) or something else?
The problem seems to be the webserver has no access to the c:\progeram files (x86) folder.
Another question is why is it needed at all - is imagemagik installed properly? Do you have imagik dll file in PHP ext folder (f.e. see this tutorial)?
This is under IIS7.

As to why it is needed...that's a question for the PHPBB folk. I assume it's using convert.exe to resize attachments?
rxu
Extensions Development Team
Posts: 3467
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: open_basedir exception in Attachment admin page

Post by rxu »

gsmaclean wrote:As to why it is needed
I've meant the access to to c:\progeram files (x86) folder :)
Did you install imagick as a PHP extension anyway? I'm pretty sure PHP shouldn't have a deal with executable files but rather with extensions dlls.
rxu
Extensions Development Team
Posts: 3467
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: open_basedir exception in Attachment admin page

Post by rxu »

BTW you could just try GD (bundled PHP extension) instead of messing with imagick.
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

rxu wrote:
gsmaclean wrote:As to why it is needed
I've meant the access to to c:\progeram files (x86) folder :)
Did you install imagick as a PHP extension anyway? I'm pretty sure PHP shouldn't have a deal with executable files but rather with extensions dlls.
Yes, I have Imagick as a PHP extension:

[PHP_IMAGICK]
extension=php_imagick.dll

It appears the only place this is being used is to generate resized thumbnails of images of attachments when posting - this is from functions_posting.php:

Code: Select all

	// Only use imagemagick if defined and the passthru function not disabled
	if ($config['img_imagick'] && function_exists('passthru'))
	{
		if (substr($config['img_imagick'], -1) !== '/')
		{
			$config['img_imagick'] .= '/';
		}

		@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -geometry ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" "' . str_replace('\\', '/', $destination) . '"');

		if (file_exists($destination))
		{
			$used_imagick = true;
		}
	}
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: open_basedir exception in Attachment admin page

Post by Oyabun1 »

There is a bug in 3.1.3, you are required to put the relative path to ImageMagic or the error message will show, so something like ./../C:/Program Files (x86)/ImageMagick-6.8.7-Q16/
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
gsmaclean
Registered User
Posts: 73
Joined: Sun Nov 06, 2005 12:13 am

Re: open_basedir exception in Attachment admin page

Post by gsmaclean »

Oyabun1 wrote:There is a bug in 3.1.3, you are required to put the relative path to ImageMagic or the error message will show, so something like ./../C:/Program Files (x86)/ImageMagick-6.8.7-Q16/
...and what about when it's on a different drive (which is the case for me)?
rxu
Extensions Development Team
Posts: 3467
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: open_basedir exception in Attachment admin page

Post by rxu »

gsmaclean
Again, if imagick is not a mandatory for you, you can still drop it in favour of GD PHP extension. Just enable it and set imagick path empty.
Locked

Return to “[3.1.x] Support Forum”