file_exists(): open_basedir restriction in effect. File() is not within the allowed path(s)
Tagged: open_basedir
- This topic has 41 replies, 4 voices, and was last updated 5 years, 6 months ago by
AITpro Admin.
AITpro Admin
Keymaster
Wow I just learned something new. I’ve always known open_basedir was junk and had no real security benefit whatsoever.
open_basedir causes significant performance issues for AutoRestore and specifically for the ARQ wp-content folder check, which uses the PHP RecursiveFilterIterator class, which is filtered with PHP accept() implemented in the subclass. There is a significant performance hit when using open_basedir.
So anyway I have created all new code that fixes the Setup Wizard hanging problem due to open_basedir and will be packaging this new zip file, BUT I will continue to recommend to people that they disable and do not use open_basedir. In the big picture the Setup Wizard will complete successfully. So what I will need to do is add an additional check with a Dismiss Notice that alerts folks that using open_basedir will cause the AutoRestore Cron to work harder to compensate for open_basedir, which means ARQ will take longer to complete file checks on each Cron run and more memory and server resources will be used on each ARQ Cron run.
Unfortunately, there is no way that I can see to change any of the ARQ Cron wp-content folder check code to work with open_basedir. To me this seems like a bug in PHP code or some compatibility problem or some limitation when using open_basedir with the PHP RecursiveFilterIterator class. I have been saying for years open_basedir is junk and this proves that point even more.
AITpro Admin
Keymaster
@ Jason – Ok a new BPS Pro zip file has been uploaded to the BPS Pro Download Area with the new code modifications to compensate for open_basedir. Download the new BPS Pro zip file here: www.ait-pro.com/wp-admin/.
Use the BPS Pro Upload Zip installer located under the BPS Pro > Setup menu > Upload Zip Install > to install the new BPS Pro zip file. The BPS Pro version is still the same. Then run the Pre-Installation Wizard and Setup Wizard. The Setup Wizard should complete successfully without hanging/stalling. Note: open_basedir causes the Setup Wizard to take longer to complete, but total install time should be less than 2 minutes.
Jason
Participant
Hello
Thanks so much for taking the time on this and detailed explanation of the issue.
I’ve installed the update and Setup Wizard completed in 13:58 seconds with no issues – seamless and superb support as always, thank you 🙂
Before running the Setup Wizard I did change the F-Lock settings as described before. https://forum.ait-pro.com/forums/topic/php-error-file_exists-open_basedir-restriction-in-effect-on-htaccess-prevents-setup-wizard/page/3/
Not entirely sure if this was still necessary but did it anyway.
One question regards server load and AutoRestore Cron – is it worth changing the “ARQ Cron Check Frequency:” to reduce the frequency of these checks and therefore load on the server?
Many thanks again for your help and such a quick response and fix
Jason
PS Just as a note about this forum: when typing a post the tab switching between “Visual” / “Text” isn’t working, it’s locked to “Text”. Tried in IE, Firefox, Chrome on Windows 10 – hence the full URLs used as I can’t remember the link shortcode 😉
AITpro Admin
Keymaster
Great! Thanks for confirming the new code modifications for open_basedir are working. I still recommend that open_basedir is turned off/disabled/commented out in a php.ini file, unless of course you need open_basedir to compartmentalize sites in a vhost environment. As far as the security benefits go for open_basedir they are NULL and VOID.
No, you would definitely not change the ARQ Cron frequency to accommodate the problems with open_basedir. At this point I have several people in several different environments testing the negative impacts of open_basedir to ARQ performance. It looks like the average negative performance impact to ARQ is a .1 second (10th of a second) processing delay, which is significant to me, but probably not very significant to the average person. So at this point do not change anything with your ARQ settings.
Thanks for letting me know about the forum Editor problem. We just switched to SSL for this forum site so that may have something to do with that problem. Will do some testing and fix that.
AITpro Admin
Keymaster
@ Jason – I tested logging in as a regular user/participant with Windows 7 and Chrome and both Editor editing tabs are working fine: Visual|Text. Try clearing your Browser Cache. It is possible, but unlikely that the problem has to do with Windows 10.
Jason
Participant
Hi
Thanks so much for confirming about ARQ Cron frequency – good to know 🙂
Regards tabs, I’ve cleared cache in Firefox and still getting the same issue. It’s across all browsers even IE and Chrome which I never really use so these have no addons (although I have disabled those too during testing in Firefox).
Versions are:
Firefox 50.0.2
Microsoft Edge 38.14393.0.0
Google Chrome Version 54.0.2840.99 m
Windows 10 Pro 64bit
I’ve noted the following alerts and errors when looking at the developer console in Firefox:
! unreachable code after return statement en-global.js[q7F8QxFd-uvS8ISeh9zfVg]:101:5823
! Use of getAttributeNode() is deprecated. Use getAttribute() instead. en-global.js[q7F8QxFd-uvS8ISeh9zfVg]:4:53182
! 'mozHidden' and 'mozVisibilityState' are deprecated. Please use the unprefixed 'hidden' and 'visibilityState' instead. conversion.js:2:379
X GET https://forum.ait-pro.com/wp-content/plugins/buddypress/bp-core/js/vendor/jquery-cookie.min.js [HTTP/1.1 403 Forbidden 476ms]
X The resource from “https://forum.ait-pro.com/wp-content/plugins/buddypress/bp-core/js/vendor/jquery-cookie.min.js?ver=2.7.2” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). (unknown)
X JQMIGRATE: Migrate is installed, version 1.4.1 jquery-migrate.min.js:2
X TypeError: jq.cookie is not a function global.js:1326:2
Of course this could be specific to my PC.
Hope that helps
Jason
AITpro Admin
Keymaster
@ Jason – ah ok. I didn’t check if this was a Plugin Firewall issue. We recently upgraded BuddyPress and bbPress on this forum site. So I will turn on Plugin Firewall AutoPilot Mode to automatically create new whitelist rules. 😉
AITpro Admin
Keymaster
@ Jason – Ok AutoPilot Mode created the new whitelist rules. So the Text Editor should now work normally.
[Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 6, 2016 - 8:41 am]
Whitelist Rule: /buddypress/bp-core/js/vendor/jquery-cookie.min.js
Whitelist Rule: /buddypress/bp-core/js/vendor/jquery-scroll-to.min.js
Whitelist Rule: /buddypress/bp-core/js/vendor/livestamp.min.js
Whitelist Rule: /buddypress/bp-core/js/vendor/moment-js/moment.min.js
Whitelist Rule: /buddypress/bp-core/js/vendor/jquery.caret.min.js
Whitelist Rule: /buddypress/bp-core/js/vendor/jquery.atwho.min.js
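The console output and the AutoPilot log above describe one chain: a plugin script request is answered with 403, the browser refuses the non-JavaScript response because of `X-Content-Type-Options: nosniff`, and the page script that depends on it then fails. As an added example (not BPS Pro code and not from the forum posts), the code below applies the nosniff check for script loads to constructed response records and returns the refused plugin scripts as plugin-relative paths in the shape the log shows; the host, the header values and all function names are assumptions.

```javascript
// Added example, not BPS Pro code. JS_MIME: JavaScript MIME type essences
// listed in the WHATWG MIME Sniffing standard.
const JS_MIME = new Set([
  "application/ecmascript", "application/javascript", "application/x-ecmascript",
  "application/x-javascript", "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Case-insensitive header lookup on a {name: value} object.
function header(resp, name) {
  const hit = Object.entries(resp.headers || {}).find(([k]) => k.toLowerCase() === name);
  return hit ? String(hit[1]) : "";
}

// True when a script load of this response is blocked under nosniff.
function blockedByNosniff(resp) {
  const nosniff = header(resp, "x-content-type-options").trim().toLowerCase() === "nosniff";
  const essence = header(resp, "content-type").split(";")[0].trim().toLowerCase();
  return nosniff && !JS_MIME.has(essence);
}

// ".../wp-content/plugins/<rest>?ver=x" -> "/<rest>"; null outside the plugins folder.
function pluginRelativePath(url) {
  const path = new URL(url).pathname; // pathname excludes the query string
  const marker = "/wp-content/plugins/";
  const i = path.indexOf(marker);
  return i === -1 ? null : "/" + path.slice(i + marker.length);
}

// Plugin scripts answered with 403 and then refused by the browser, deduplicated.
function refusedPluginScripts(responses) {
  const paths = responses
    .filter((r) => r.status === 403 && blockedByNosniff(r))
    .map((r) => pluginRelativePath(r.url))
    .filter((p) => p !== null);
  return [...new Set(paths)].sort();
}

// Constructed sample records: hypothetical host, assumed header values.
const SAMPLE = [
  { url: "https://forum.example.test/wp-content/plugins/buddypress/bp-core/js/vendor/jquery-cookie.min.js?ver=2.7.2",
    status: 403, headers: { "Content-Type": "text/html; charset=UTF-8", "X-Content-Type-Options": "nosniff" } },
  { url: "https://forum.example.test/wp-content/plugins/buddypress/bp-core/js/vendor/jquery-cookie.min.js",
    status: 403, headers: { "content-type": "text/html", "x-content-type-options": "nosniff" } },
  { url: "https://forum.example.test/wp-includes/js/jquery/jquery-migrate.min.js",
    status: 200, headers: { "Content-Type": "application/javascript", "X-Content-Type-Options": "nosniff" } },
];
console.log(refusedPluginScripts(SAMPLE));
```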
Jason
Participant
Fixed! Awesome.
Thanks again for all your help
🙂
Terry
Participant
I get the following error on one site with BPS Pro. The path matches the same structure as other domains on the server using BPS Pro. It never shows the server path to the log file.
Warning: copy(): open_basedir restriction in effect. File() is not within the allowed path(s): (/home/xxxxx/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 1702
Terry
Participant
I posted this error 5 days ago with no response. Is there anyone that can explain why this is causing errors? Is there another way to contact support?
AITpro Admin
Keymaster
@ Terry – I believe the question has been asked and answered somewhat “completely” in this forum topic. Maybe start from the beginning of this topic and if your question is not answered then let me know.