Setting open_basedir on Media Temple

Question

I'm currently getting an open_basedir restriction error on my CakePHP application running on Media Temple. (site number and domain changed for purpose of question).

I've read the docs here: https://kb.mediatemple.net/questions/514/How+do+I+set+the+path+for+open_basedir%3F#gs for how to fix this problem.

I've tried the following in my php.ini file:

open_basedir = /home/00000/domains

But still get the same error. Which is as follows:

Warning (2): file_exists(): open_basedir restriction in effect. File(/home/00000/domains/test.com/html/app/webroot/index.php/img/cameron.jpg) is not within the allowed path(s): (/home/00000/domains) [APP/Plugin/Timthumb/Vendor/timthumb.php, line 896]

Any ideas?

The change is definitely being applied as the error path is updated to what I have specified above, but I still get the open_basedir restriction. And doing phpinfo() shows the change as well:

Update: Media Temple doesn't offer support for this, but has been courtesy enough to provide some help and said that I need to do the following:

open_basedir = "/home/00000/data/tmp:/home/00000/domains"

However this STILL does not work! And they are unable to provide further info.

Update 2: Mod_rewrite is enabled, and I'm using this Plugin: https://github.com/vishal-logiciel/TimthumbPlugin/

Answer 1

You should leave the final trailing '/' off of your open_basedir. Per the docs:

When you want to restrict access to only the specified directory, end with a slash. For example: open_basedir = /dir/incl/

So your entry only applies to /home/00000/domains, not any sub directories.

Answer 2

The problem doesn't look like it has anything to do with the framework you're using - the vendor class raising the error doesn't depend on any (relevant) external configuration.

There's a configuration or application error

But it's not the open_basedir settting. (which so long as it includes /home/00000/domains/test.com/html/ should be no problem).

The file raising the error is attempting to access a path that is (correctly) causing problems:

Warning (2): file_exists(): open_basedir restriction in effect. 

File(/home/00000/domains/test.com/html/app/webroot/index.php/attachments/view/5)
                                                   ^^^^^^^^^

is not within the allowed path(s): (/home/00000/domains) 
[APP/Plugin/Timthumb/Vendor/timthumb.php, line 896

The path collides with a file, it's not possible to be a read/writable path even if open base dir were to permit it.

Identify the reason

The base path used is derived from server variables - does it contain index.php? :

protected function calcDocRoot(){
    $docRoot = @$_SERVER['DOCUMENT_ROOT'];
    if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
        $docRoot = LOCAL_FILE_BASE_DIRECTORY;   
    }   
    if(!isset($docRoot)){ 
        $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
        if(isset($_SERVER['SCRIPT_FILENAME'])){
            $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
            $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
        }   
    }   
    if(!isset($docRoot)){ 
        $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
        if(isset($_SERVER['PATH_TRANSLATED'])){
            $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
            $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
        }   
    }   
    if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
    $this->debug(3, "Doc root is: " . $docRoot);
    $this->docRoot = $docRoot;
}

If index.php doesn't come from the docRoot value - it's in the passed argument $src. Identify why or how $src contains an invalid path and correct the application code appropriately.