[Bug]: lib/private/Template/ResourceLocator.php line 100 path error in is_file #44711

Closed
5 of 8 tasks
unnilennium opened this issue Apr 8, 2024 · 3 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 28-feedback bug

Comments

@unnilennium

Bug description

freshly updated NC 28.0.4. I get a lot of errors like this one:
is_file(): open_basedir restriction in effect. File(/usr/share/nextcloudapps//core/l10n/fr.js) is not within the allowed path(s): (/usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/x/x/nextcloud) at /usr/share/nextcloud/lib/private/Template/ResourceLocator.php#100

server is installed under /usr/share/nextcloud and not /usr/share/nextcloudapps/. Looking at the code
if ($root !== false && is_file($root.'/'.$file))
it seems that $root gets wrong

Steps to reproduce

  1. upgrade nextcloud to 28.0.* from NC 27
  2. see the nice alert "49 erreurs dans les journaux depuis 1 avril 2024" growing
  3. check log

Expected behavior

no error reported
NC root detected correctly

Installation method

Other Community project

Nextcloud Server version

28

Operating system

RHEL/CentOS

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

#  occ config:list system
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "atlas.x.x.com",
            "1": "atlas",
            "2": "qc.x.com",
            "3": "localhost",
            "4": "192.x.x.1",
            "5": "69.x.x.x",
            "10": "cloud.x.com",
            "99": "cloud.x.com"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "28.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.pialasse.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "maintenance": false,
        "theme": "",
        "loglevel": "3",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 60",
        "app_install_overwrite": [
            "files_reader",
            "files_external_dropbox",
            "externalpassword"
        ],
        "updater.release.channel": "stable",
        "filesystem_check_changes": "1",
        "htaccess.IgnoreFrontController": "true",
        "htaccess.RewriteBase": "\/",
        "skeletondirectory": "\/home\/x\/x\/nextcloud\/skeleton",
        "mysql.utf8mb4": true,
        "default_phone_region": "ca",
        "allow_local_remote_servers": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "onlyoffice": {
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "Authorization"
        },
        "memories.exiftool_no_local": true,
        "memories.vod.path": "\/usr\/share\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "simpleSignUpLink.shown": false,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "timeout": "0.0",
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "memories.db.triggers.fcu": true,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

# occ app:list
Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - bookmarks: 13.1.3
  - bruteforcesettings: 2.8.0
  - calendar: 4.6.7
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dav: 1.29.1
  - dicomviewer: 2.1.1
  - externalpassword: 1.1.0
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_archive: 1.2.3
  - files_external: 1.20.0
  - files_inotify: 0.2.0
  - files_linkeditor: 1.1.19
  - files_mindmap: 0.0.30
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - forms: 4.1.1
  - geoblocker: 0.5.13
  - groupfolders: 16.0.6
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - mail: 3.5.7
  - maps: 1.3.1
  - memories: 7.2.0
  - music: 1.10.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - onlyoffice: 9.0.0
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recognize: 6.1.1
  - related_resources: 1.3.0
  - richdocuments: 8.3.3
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - suspicious_login: 6.0.0
  - systemtags: 1.18.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - twofactor_nextcloud_notification: 3.9.0
  - updatenotification: 1.18.0
  - user_ldap: 1.19.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - circles: 28.0.0 (installed 25.0.0)
  - dashboard: 7.8.0 (installed 7.0.0)
  - duplicatefinder: 1.1.4 (installed 1.1.4)
  - encryption: 2.16.0
  - extract: 1.3.6 (installed 1.3.6)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_external_dropbox: 1.4.3 (installed 1.4.3)
  - files_retention: 1.16.0 (installed 1.16.0)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - firstrunwizard: 2.17.0 (installed 2.14.0)
  - libresign: 7.1.1 (installed 7.1.1)
  - ocr: 6.0.58 (installed 6.0.58)
  - pdfdraw: 0.1.2 (installed 0.1.2)
  - polls: 5.4.3 (installed 5.4.3)
  - printer: 0.0.5 (installed 0.0.5)
  - recommendations: 2.0.0 (installed 0.5.0)
  - sensorlogger: 0.1.4 (installed 0.1.4)
  - snappymail: 2.36.0 (installed 2.36.0)
  - twofactor_totp: 10.0.0-beta.2
  - unsplash: 2.2.1 (installed 2.2.1)
  - workflow_pdf_converter: 1.12.0 (installed 1.12.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"rqI64Su3ezjk9hG9Jh9s","level":3,"time":"2024-04-08T04:56:14+00:00","remoteAddr":"192.168.12.19","user":"jppialasse","app":"PHP","method":"GET","url":"/settings/admin/logging","message":"is_file(): open_basedir restriction in effect. File(/usr/share/nextcloudapps//core/l10n/fr.js) is not within the allowed path(s): (/usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/x/x/nextcloud) at /usr/share/nextcloud/lib/private/Template/ResourceLocator.php#100","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0","version":"28.0.4.1","data":{"app":"PHP"},"id":"661378f03d6e7"}

Additional info

No response
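
A triage sketch for log entries like the one in this report, added here as an example (it is not Nextcloud code and not part of the thread): it parses `open_basedir` rejections from the JSON log and separates paths that continue an allowed root without a `/`, as `/usr/share/nextcloudapps/...` does against `/usr/share/nextcloud`, from paths that are simply outside every root. The function names, the `missing-separator` label and the second and third log entries are assumptions made for the example.

```python
import json
import re

# Constructed sample in Nextcloud's JSON log format; the first message is the
# one from the report above, the other two entries are made up for contrast.
SAMPLE_LOG = "\n".join([
    json.dumps({"reqId": "constructed-1", "level": 3, "app": "PHP", "message": (
        "is_file(): open_basedir restriction in effect. "
        "File(/usr/share/nextcloudapps//core/l10n/fr.js) is not within the allowed path(s): "
        "(/usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:"
        "/var/lib/php/nextcloud:/home/x/x/nextcloud) at "
        "/usr/share/nextcloud/lib/private/Template/ResourceLocator.php#100")}),
    json.dumps({"reqId": "constructed-2", "level": 3, "app": "PHP", "message": (
        "is_file(): open_basedir restriction in effect. File(/tmp/example.txt) "
        "is not within the allowed path(s): (/usr/share/nextcloud:/var/lib/nextcloud) "
        "at /usr/share/nextcloud/lib/example.php#1")}),
    json.dumps({"reqId": "constructed-3", "level": 2, "app": "core", "message": "unrelated"}),
])

PATTERN = re.compile(
    r"open_basedir restriction in effect\. File\((?P<path>.*?)\) is not within "
    r"the allowed path\(s\): \((?P<allowed>.*?)\) at (?P<source>\S+)")

def classify(path, allowed):
    """Classify a rejected path: glued onto an allowed root, or plainly outside."""
    glued = [r for r in allowed if path.startswith(r) and not path.startswith(r + "/") and path != r]
    if glued:
        root = max(glued, key=len)  # most specific root the path runs into
        return "missing-separator", root, path[len(root):]
    return "outside", None, path

def triage(log_text):
    """Return one finding per open_basedir rejection found in the log text."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        m = PATTERN.search(entry.get("message", ""))
        if not m:
            continue
        allowed = [r.rstrip("/") for r in m["allowed"].split(":") if r]
        verdict, root, rest = classify(m["path"], allowed)
        findings.append({"reqId": entry.get("reqId"), "source": m["source"],
                         "path": m["path"], "verdict": verdict, "root": root, "rest": rest})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `missing-separator` verdict points at a path built by the application itself, so it is a bug to report rather than a reason to widen `open_basedir`.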

@unnilennium unnilennium added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Apr 8, 2024
@SystemKeeper
Contributor

Please see #44413

@joshtrichards
Member

Fixed in #44408 / #44413

@unnilennium Feel free to manually make the small change that is in the PR if you don't wish to wait for the official v28.0.5. Also you can let us know if it works/doesn't work for you. :)

@unnilennium
Author

confirming that applying the patch on prod fixes the issue
