Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File Inspector tries to traverse above the e107 docroot #4844

Closed
Deltik opened this issue Aug 8, 2022 · 1 comment · Fixed by #4845
Closed

File Inspector tries to traverse above the e107 docroot #4844

Deltik opened this issue Aug 8, 2022 · 1 comment · Fixed by #4845
Assignees
@Deltik
Labels
type: bug A problem that should not be happening

Comments

@Deltik
Copy link
Member

Deltik commented Aug 8, 2022

Bug Description

Report by @dimmskii from Gitter:

[Mon Aug 08 00:33:58.185203 2022] [php7:error] [pid xxxxxx] [client xxx.xxx.xxx.xxx:xxxxx] PHP Fatal error: Uncaught RuntimeException: SplFileInfo::isDir(): open_basedir restriction in effect. File(/var/www/www.mydomain.com/htdocs/..) is not within the allowed path(s): (/var/www/www.mydomain.com/htdocs/) in /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php:608
Stack trace:
#0 /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php(608): SplFileInfo->isDir()
#1 /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php(594): file_inspector->inspect_existing()
#2 /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php(932): file_inspector->inspect()
#3 /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php(156): file_inspector->scan_results()
#4 /var/www/www.mydomain.com/htdocs/e107_handlers/admin_ui.php(1080): fileinspector_admin->init()
#5 /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php(249): e_admin_dispatcher->__construct()
#6 {main}
 thrown in /var/www/www.mydomain.com/htdocs/e107_admin/fileinspector.php on line 608, referer: https://www.mydomain.com/e107_admin/fileinspector.php?core=none&type=tree&missing=1&noncore=1&oldcore=1&scan=a4807caec4e844118a8c837616354631&mode=main&action=run

File scanner wants to access docroot/.. for some reason

I have php admin value base_opendir set to my doc root in my vhost

Temp is within docroot

But does e107 require traversal all the way down to root of my unix or something
@Deltik Deltik added the type: bug A problem that should not be happening label Aug 8, 2022
@Deltik Deltik self-assigned this Aug 8, 2022
Deltik added a commit to Deltik/e107 that referenced this issue Aug 8, 2022
@Deltik
e107inc#4844: File Inspector: Do not traverse above the base directory
015598f 
Fixes: e107inc#4844
@Deltik Deltik mentioned this issue Aug 8, 2022
Merged
10 tasks
Deltik added a commit to Deltik/e107 that referenced this issue Aug 8, 2022
@Deltik
e107inc#4844: File Inspector: Do not traverse above the base directory
8ae49c2 
Fixes: e107inc#4844
CaMer0n added a commit that referenced this issue Aug 9, 2022
@CaMer0n
Merge pull request #4845 from Deltik/fix/4844
29331ea 
Fixes #4844: File Inspector: Do not traverse above the base directory
@dimmskii
Copy link

dimmskii commented Aug 10, 2022
edited
Loading

#4845 Tested to work on same server where issue reproduced.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Deltik Deltik

Labels
type: bug A problem that should not be happening
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#4844: File Inspector: Do not traverse above the base directory Deltik/e107
2 participants
@Deltik @dimmskii