Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2019-01-09 09:24:49

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 8,566
Website

Create new user can fail if open_basedir is in effect

Not seen this before, presumably peculiar to this particular host of one of my clients. After entering user details at Admin->Users->New Author and clicking Save, I see this twice on the screen:

Warning "file_exists(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/var/www/vhosts/domain.com/:/tmp/)"
in /var/www/vhosts/domain.com/httpdocs/textpattern/vendors/Textpattern/Password/Random.php at line 81

Should we (can we?) defend against this? Or do I need to petition the host/scour their control panel to see if it’s possible to expand the open_basedir set? I don’t see a neat way round it in code, beyond suppressing errors on the file_exists() and/or is_readable() calls, but I don’t like doing that.

EDIT: I should add that the user is still created and the welcome email is sent fine.

EDIT2: The host’s control panel settings for open_basedir only have a choice of three pre-defined options, one of which is “none” so I guess worst case scenario is I turn it off there, but if we can defend against it sensibly in code then I’d still like to pursue it.

Last edited by Bloke (2019-01-09 09:44:26)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#2 2019-02-16 22:23:10

colin99
Member
Registered: 2005-11-15
Posts: 47

Re: Create new user can fail if open_basedir is in effect

Bloke wrote #316009:

Not seen this before, presumably peculiar to this particular host of one of my clients. After entering user details at Admin->Users->New Author and clicking Save, I see this twice on the screen:

Warning "file_exists(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/var/www/vhosts/domain.com/:/tmp/)"...

Should we (can we?) defend against this? Or do I need to petition the host/scour their control panel to see if it’s possible to expand the open_basedir set? I don’t see a neat way round it in code, beyond suppressing errors on the file_exists() and/or is_readable() calls, but I don’t like doing that.

EDIT: I should add that the user is still created and the welcome email is sent fine.

EDIT2: The host’s control panel settings for open_basedir only have a choice of three pre-defined options, one of which is “none” so I guess worst case scenario is I turn it off there, but if we can defend against it sensibly in code then I’d still like to pursue it.


I’ve been using TXP since 2004 and I don’t think I’ve created more than 4 users in the entire time – should have a look.


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.comCoffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew -

Offline

Board footer

Powered by FluxBB