[BlueOnyx:26187] Re: Error Adding additional information to open_basedir in GUI for site

Michael Stauber mstauber at blueonyx.it
Wed May 3 20:08:46 -05 2023 

Hi Dirk,

> I did try to add one additional entry (/usr/bin/pdftotext) to 
> open_basedir in the GUI for one specific site and get back:
> 
> ---
> 
> An uncaught Exception was encountered
> 
> Type: Error
> 
> Message: Cannot access protected property Error::$message
> 
> Filename: 
> /usr/sausalito/ui/chorizo/ci/application/libraries/uifc/PagedBlock.php
> 
> Line Number: 933


The suspense was killing me, so I started looking. ;o)

On 5209R I get a working GUI error message.

On 5210R I got the CI error you described.

On 5211R I also got a GUI error due to messed up error handling in that 
GUI page. Similar problem like on 5210R.

So I just rolled out YUM updates for base-vsite of 5210R and 5211R, 
which fix this.

But back to the topic: Adding /usr/bin/pdftotext to the open_basedir of 
a Vsite will now trigger the (correct!) GUI error message that is as 
follows:

---------------------------------------------------------------------
The following open_basedir path is not readable by PHP and has been 
removed automatically: /usr/bin/pdftotext
---------------------------------------------------------------------

That's because /usr/bin/pdftotext either doesn't exist, or if it exists 
(in your case it probably does) it's a file. And the 'open_basedir' 
directive only takes directories, not paths to files. That's why we 
check the presence and existence of such directories in the GUI page 
with is_dir(<directory>), which will return FALSE on /usr/bin/pdftotext, 
as it either doesn't exists, or is (in your case) a file.

So you would have to specify '/usr/bin/' instead, which I'd consider a 
bit risky given what else is in /usr/bin/.

My suggestion: Make a directory like this: /home/phpscripts/

And in there put a shell script like this: 
/home/phpscripts/pdftotext.sh, with this in it:

-------------------------------------------------------------
#!/bin/sh
/usr/bin/pdftotext $@
-------------------------------------------------------------

If /home/phpscripts/pdftotext.sh is called, it will call 
/usr/bin/pdftotext and will pass all command line options on to it. In 
your PHP script you simply call /home/phpscripts/pdftotext.sh (instead 
of pdftotext) and you should be good to go.

Please note: In the server wide PHP settings under "Security" you may 
need to allow whatever PHP function you use to call the external 
program. That could be one of these options:

exec
system
shell_exec

We usually forbid usage of them in the default settings.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list