open_basedir restriction in effect

onyx chal
2019-02-24
2020-10-20
  • onyx chal

    onyx chal - 2019-02-24

    When going into the Manage Multimedia ( media.php ) I was getting a screen full of errors relating to the open_basedir restrictions and the image files. I am on ISPConfig 3, nginx, PHP7 FPM.

    The errors were coming from get_media_folders in includes/functions/functions_mediadb.php line 895, where the code tries to check if is_dir, but does it with actual image names, and this triggers the open_basedir restriction.
    To fix it I have edited my copy of this function, so that it looks like such:

    function get_media_folders() {
        global $MEDIA_DIRECTORY, $MEDIA_DIRECTORY_LEVELS;
    
        $folderList = array ();
        $folderList[0] = $MEDIA_DIRECTORY;
        if ($MEDIA_DIRECTORY_LEVELS == 0)
            return $folderList;
    
        $currentFolderNum = 0;
        $nextFolderNum = 1;
        while ($currentFolderNum < count($folderList)) {
            $currentFolder = $folderList[$currentFolderNum];
            $currentFolderNum++;
            // get the folder depth
            $folders = explode($currentFolder, "/");
            $currentDepth = count($folders) - 2;
            // If we're not at the limit, look for more sub-folders within the current folder
            if ($currentDepth <= $MEDIA_DIRECTORY_LEVELS) {
                $dir = dir($currentFolder);
                while (true) {
                    $entry = $dir->read();              
                    if (!$entry || strpos($entry,".")) // || strpos($entry,".")) added by Onyx 24-2-19 to avoid open_basedir restrictions
                        break;
    
                    if (is_dir($currentFolder . $entry . "/")) {
                        // Weed out some folders we're not interested in
                        if ($entry != "." && $entry != ".." && $entry != "CVS" && $entry != ".svn") {
                            if ($currentFolder . $entry . "/" != $MEDIA_DIRECTORY . "thumbs/") {
                                $folderList[$nextFolderNum] = $currentFolder . $entry . "/";
                                $nextFolderNum++;
                            }
                        }
                    }
                }
                $dir->close();
            }
        }
        sort($folderList);
        return $folderList;
    }
    

    What this does is breaks out of the checking for a directory before hitting the error condition by checking to see if the $entry has a dot in it (ie it is a file). This does mean that any directories where you have a dot in them will fail to be listed. Don't use dots in directory names?

    I hope this helps somebody.

     
    • David Ledger

      David Ledger - 2019-02-24

      On 24 Feb 2019, at 8:08, onyx chal wrote:

      What this does is breaks out of the checking for a directory before
      hitting the error condition by checking to see if the $entry has a dot
      in it (ie it is a file). This does mean that any directories where you
      have a dot in them will fail to be listed. Don't use dots in directory
      names?

      I hope this helps somebody.

      Weird. Both files and directories can have a dot, or more, or none.
      ‘.’s have nothing to do with file type.

      David


       
  • Gerry Kroll

    Gerry Kroll - 2019-02-24

    This code won't work when the media directory being examined contains files as well as subdirectories.

    I've never personally encountered a site configured with "open_basedir" -- my first reaction would be "get rid of that restriction".

    If you insist on preserving the restriction, what you will have to do is to re-work the code so that the check for xxx being a directory becomes a check for xxx being a file. When xxx is a file, execute a continue statement, so that files are skipped. After that, there's no need to verify that xxx is a directory, and the code can just look for directory names that should not become part of the list of media subdirectories.
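
The rework described in the post above, sketched as an added example (this is not the attached functions_mediadb.php and not PhpGedView's own code). The function name `list_media_subfolders`, its parameters and the temporary sample tree are assumptions made for illustration; the depth limit is counted relative to the media root.

```php
<?php
// Added example: hypothetical helper, not PhpGedView's get_media_folders().
function list_media_subfolders(string $mediaDir, int $maxLevels): array
{
    $folders = [$mediaDir];
    if ($maxLevels == 0) {
        return $folders;
    }
    $skip = ['.', '..', 'CVS', '.svn'];
    for ($i = 0; $i < count($folders); $i++) {
        $current = $folders[$i];
        // Depth below the media root: 0 for the root itself.
        $depth = substr_count($current, '/') - substr_count($mediaDir, '/');
        if ($depth >= $maxLevels) {
            continue; // at the limit, do not look for deeper sub-folders
        }
        $dir = dir($current);
        if ($dir === false) {
            continue; // unreadable folder
        }
        // Compare with false explicitly so an entry named "0" does not end the loop.
        while (($entry = $dir->read()) !== false) {
            if (in_array($entry, $skip, true)) {
                continue;
            }
            // Test the plain path (no trailing slash) and skip files,
            // instead of calling is_dir() on image names.
            if (is_file($current . $entry)) {
                continue;
            }
            // As in the post: whatever is not a file is treated as a folder.
            $sub = $current . $entry . '/';
            if ($sub === $mediaDir . 'thumbs/') {
                continue;
            }
            $folders[] = $sub;
        }
        $dir->close();
    }
    sort($folders);
    return $folders;
}

// Constructed sample tree: files next to folders, one folder name with a dot.
$root = sys_get_temp_dir() . '/media_demo_' . uniqid() . '/';
mkdir($root . 'photos.2019/scans', 0700, true);
mkdir($root . 'thumbs', 0700, true);
touch($root . 'portrait.jpg');
touch($root . 'photos.2019/census.png');
print_r(list_media_subfolders($root, 2));
```

Files are skipped with `continue` rather than ending the scan with `break`, so a folder that holds both images and sub-folders is listed completely, and a dot in a folder name no longer matters.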

     
  • Gerry Kroll

    Gerry Kroll - 2019-02-24

    Please try the attached file. Unzip the attachment, and copy the resultant file "functions_mediadb.php" to the "/includes/functions" directory to replace the one that's already there.

    Please let us know whether this fixes the problem.

     
  • onyx chal

    onyx chal - 2019-02-24

    This does indeed work, thanks @Gerry Kroll.

     
  • Gerry Kroll

    Gerry Kroll - 2019-02-24

    Thank you for letting us know so quickly.

    I'll post this to the SVN repository.

     
