Post by todavy » Thu Oct 05, 2017 5:34 am

Every time I reinstall OC 3.0.2.0 on my webserver I get this warning at the top of the admin page:

Code:

Warning: realpath(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpdocs/:/tmp/) in /home/httpd/vhosts/mydomain.com/httpdocs/admin/controller/common/security.php on line 26

It disappears if I change

Code:

$data['document_root'] = str_replace('\\', '/', realpath($this->request->server['DOCUMENT_ROOT'] . '/../') . '/');

to

Code:

$data['document_root'] = str_replace('\\', '/', realpath($this->request->server['DOCUMENT_ROOT'] . '') . '/');

in the file admin/controller/common/security.php
Is this a bug or just some security problem on my webserver? Would my code change affect some other function? :-\

New member

Posts

Joined
Tue Jun 10, 2014 5:00 pm
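
The containment check behind the warning in the post above, as an added example (not OpenCart's code and not written by anyone in this thread; the function names are hypothetical). It assumes POSIX-style paths and treats each open_basedir entry as a directory, and it shows why DOCUMENT_ROOT . '/../' is rejected while DOCUMENT_ROOT itself is accepted.

```php
<?php
// Added example: function names are hypothetical, not part of OpenCart.

// Collapse "." and ".." lexically, without touching the filesystem
// (calling realpath() is what raises the open_basedir warning).
function normalize_path(string $path): string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($parts); // step up one level; no-op at the root
            continue;
        }
        $parts[] = $seg;
    }
    return '/' . implode('/', $parts);
}

// True if $path lies inside one of the directories of an open_basedir value.
// Assumption: every entry is compared as a directory, not as a string prefix.
function within_open_basedir(string $path, string $openBasedir): bool
{
    if ($openBasedir === '') {
        return true; // no restriction configured
    }
    $path = normalize_path($path) . '/';
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $entry) {
        $dir = rtrim(normalize_path($entry), '/') . '/';
        if (strpos($path, $dir) === 0) {
            return true;
        }
    }
    return false;
}

// Values copied from the warning message quoted in the post above.
$docRoot = '/home/httpd/vhosts/mydomain.com/httpdocs';
$allowed = '/home/httpd/vhosts/mydomain.com/httpdocs/:/tmp/';

foreach ([$docRoot . '/../', $docRoot] as $candidate) {
    $verdict = within_open_basedir($candidate, $allowed) ? 'allowed' : 'blocked';
    printf("%s => %s\n", normalize_path($candidate), $verdict);
}
```

On a live server, pass ini_get('open_basedir') as the second argument instead of the constructed value.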

Post by bonnie65 » Fri Oct 27, 2017 1:32 pm

I tried what you said and it worked.

I don't know if it's a bug or what but it was happening to me also until I did what you suggested above.
I hope someone will address this soon for both of us but for the time being I'm with what you did.

Newbie

Posts

Joined
Sat Sep 30, 2017 3:38 pm

Post by straightlight » Fri Oct 27, 2017 8:35 pm

This issue has now been addressed.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by bonnie65 » Sat Oct 28, 2017 12:25 pm

But my question is, by doing the edit above, does it create a security issue or not?

Post by straightlight » Sat Oct 28, 2017 9:41 pm

If the root path of your domain has been restricted not to go beyond any parent paths on your FTP, it would not create any leaks at this point. Although, the original code may also not prevent anyone from trying to change directory to a prior folder when the root path is still not restricted. Which means your provided solution will not make any difference in terms of folder security, only in accessibility.

Post by bonnie65 » Sun Oct 29, 2017 11:49 am

Thank you straightlight

At least I know I'm covered then because when on my live server (VPS) I shut down ftp after I've uploaded everything anyway.

Post by straightlight » Sun Oct 29, 2017 8:47 pm

bonnie65 wrote:
Sun Oct 29, 2017 11:49 am
Thank you straightlight

At least I know I'm covered then because when on my live server (VPS) I shut down ftp after I've uploaded everything anyway.

Wise precaution. Although, if you need to edit PHP files from your file manager host console, make sure to re-upload the files with the right charset settings. Otherwise, your files might get corrupted.

Post by freebox » Wed Feb 21, 2018 10:52 am

This problem still occurs. The script should not require an executable path for PHP in its parent directory, over DOCUMENT_ROOT.

Newbie

Posts

Joined
Tue Aug 27, 2013 10:47 pm

Post by IP_CAM » Wed Feb 21, 2018 1:40 pm

One of those could possibly be of help in such situations:
---
GGW Installer fix Allow ALL directories to be written
https://www.opencart.com/index.php?rout ... n_id=31130
---
Remove "Important Security Notification" 3.x
https://www.opencart.com/index.php?rout ... n_id=31807
----

My Github OC Site: https://github.com/IP-CAM
5'600 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland