Support ⇒ Troubleshootings :: Archives ⇒ open_basedir restriction related problem :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexTroubleshootings

Archived ⇒ open_basedir restriction related problem


The upload picture functionality in the photo gallery isn't compatibile with this setting, if it can't access /tmp, it would be wise to move the temporary file to a temporary dir specified in some config variable to make the script work with this restriction in effect.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Gentoo Linux and Windows 2003 server, CPGNuke 9.0.1.x


Is already in CVS but it does cause other security issues.
On the dutch community i've posted a english email which i send to someone his host after he got trouble with open_basedir AND safe_mode restrictions.

The mail will globally explain a few things about bad/terrible hosts.
So if we fix the open_basedir issue, another security issue could rise.

Read it here: cpgnuke.gehost.nl/inde...=2571#2571

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


link is dead ... any other way to read the email?
[edit]got lot of info by searching google[/edit]

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


I will explain again:

When a server has open_basedir active you mostly don't have access to the /tmp directory, and then uploaded files are inaccessible.
Due to that the host should setup a temporary directory for each customer separately like /home/your_name/tmp so that uploaded files can be stored safely.

If he doesn't do that PHP must execute move_uploaded_file first to a directory where it has access to, so that we can read and verify the uploaded file.
Due to that the file is stored publicly and a small security issue arises since anyone can access/execute the file.

safe_mode is a problem on terrible servers when it runs as mod_php instead of cgi since safe_mode is designed for suexec.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

All times are UTC