Search code examples
phpfat-free-frameworkopen-basedir

open_basedir issue on Fat-free framework

I have this following issue with open_basedir restrictions.

is_file(): open_basedir restriction in effect. File(/home/dev/bongos.com/vendor/bcosca/fatfree/lib/action/authaction.php) is not within the allowed path(s): (/home/Dev/bongos.com/:/tmp/)

The reason why the case differs in the paths is because of a f3 method.

protected function autoload($class) {
    $class=$this->fixslashes(ltrim($class,'\\'));
    $func=NULL;
    if (is_array($path=$this->hive['AUTOLOAD']) &&
        isset($path[1]) && is_callable($path[1]))
        list($path,$func)=$path;
    foreach ($this->split($this->hive['PLUGINS'].';'.$path) as $auto)
        if ($func && is_file($file=$func($auto.$class).'.php') ||
            is_file($file=$auto.$class.'.php') ||
            is_file($file=$auto.strtolower($class).'.php') ||
            is_file($file=strtolower($auto.$class).'.php'))
            return require($file);
}

on the second last line it converts the path to lowercase to checks if it exists. If it does, it fails with the error mentioned.

There is no way I may disable open_basedir or manipulate any standard f3 code.

EDIT

My autoload looks like this.

AUTOLOAD= Apps/
Solution

  • When you're calling the Action\AuthAction class, the framework autoloader is trying to find the 3 following files:

    1. Action/AuthAction.php inside PLUGINS: /home/Dev/bongos.com/vendor/bcosca/fatfree/lib/Action/AuthAction.php
    2. action/authaction.php inside PLUGINS: /home/Dev/bongos.com/vendor/bcosca/fatfree/lib/action/authaction.php
    3. action/authaction.php inside lowercase PLUGINS: /home/dev/bongos.com/vendor/bcosca/fatfree/lib/action/authaction.php

    The third attempt is throwing the open_basedir error. But that's just a side effect of the autoloader not finding the correct filepath. Without the open_basedir directive, you would have a class not found error.

    If you make sure the class filename has the correct case (either Action/AuthAction.php or action/authaction.php), the autoloader should find the file.

    However if you want to make sure the open_basedir doesn't mess with the autoloader in any situation, just set PLUGINS to ./, which is a relative path pointing to /home/Dev/bongos.com/vendor/bcosca/fatfree/lib/ by default (provided your application doesn't change directory).