[BlueOnyx:26191] Re: Error Adding additional information to open_basedir in GUI for site

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Fri May 5 02:30:28 -05 2023 

Hello Michael,

thank you very much for the fix and the hints.

Best regards,
Dirk
 

 
blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 

-----Ursprüngliche Nachricht-----
Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Michael
Stauber
Gesendet: Donnerstag, 4. Mai 2023 03:09
An: blueonyx at mail.blueonyx.it
Betreff: [BlueOnyx:26187] Re: Error Adding additional information to
open_basedir in GUI for site

Hi Dirk,

> I did try to add one additional entry (/usr/bin/pdftotext) to 
> open_basedir in the GUI for one specific site and get back:
> 
> ---
> 
> An uncaught Exception was encountered
> 
> Type: Error
> 
> Message: Cannot access protected property Error::$message
> 
> Filename: 
> /usr/sausalito/ui/chorizo/ci/application/libraries/uifc/PagedBlock.php
> 
> Line Number: 933


The suspense was killing me, so I started looking. ;o)

On 5209R I get a working GUI error message.

On 5210R I got the CI error you described.

On 5211R I also got a GUI error due to messed up error handling in that GUI
page. Similar problem like on 5210R.

So I just rolled out YUM updates for base-vsite of 5210R and 5211R, which
fix this.

But back to the topic: Adding /usr/bin/pdftotext to the open_basedir of a
Vsite will now trigger the (correct!) GUI error message that is as
follows:

---------------------------------------------------------------------
The following open_basedir path is not readable by PHP and has been removed
automatically: /usr/bin/pdftotext
---------------------------------------------------------------------

That's because /usr/bin/pdftotext either doesn't exist, or if it exists (in
your case it probably does) it's a file. And the 'open_basedir' 
directive only takes directories, not paths to files. That's why we check
the presence and existence of such directories in the GUI page with
is_dir(<directory>), which will return FALSE on /usr/bin/pdftotext, as it
either doesn't exists, or is (in your case) a file.

So you would have to specify '/usr/bin/' instead, which I'd consider a bit
risky given what else is in /usr/bin/.

My suggestion: Make a directory like this: /home/phpscripts/

And in there put a shell script like this: 
/home/phpscripts/pdftotext.sh, with this in it:

-------------------------------------------------------------
#!/bin/sh
/usr/bin/pdftotext $@
-------------------------------------------------------------

If /home/phpscripts/pdftotext.sh is called, it will call /usr/bin/pdftotext
and will pass all command line options on to it. In your PHP script you
simply call /home/phpscripts/pdftotext.sh (instead of pdftotext) and you
should be good to go.

Please note: In the server wide PHP settings under "Security" you may need
to allow whatever PHP function you use to call the external program. That
could be one of these options:

exec
system
shell_exec

We usually forbid usage of them in the default settings.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230505/da43c4ce/attachment.p7s>

More information about the Blueonyx mailing list