Validator\File\MimeType open_basedir error not handled #202

Closed
smartexcan opened this issue Aug 15, 2023 · 3 comments
@smartexcan

Bug Report

Version(s): 2.35.0

Summary

open_basedir errors are not handled in getMagicFile(), as it is trying to catch an exception, but no exception is thrown if is_file() is called on a file outside the open_basedir restriction.

Current behavior

If getMagicFile() tries to auto-discover the magic file from one of the common locations, and one of those files is not in the open_basedir restriction, an error is raised.

foreach ($this->magicFiles as $file) {
    try {
        $this->setMagicFile($file);
    } catch (Exception\ExceptionInterface) {
        // suppressing errors which are thrown due to open_basedir restrictions
        continue;
    }
}

No error handler is set when is_file() is called in setMagicFile(), so no exception gets thrown, resulting in the error propagating upward.

Warning: is_file(): open_basedir restriction in effect. File(/usr/share/misc/magic) is not within the allowed path(s): (/home/test/:/tmp:/var/tmp:/opt/alt/php81/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php81/lib/php/) in /home/test/public_html/vendor/laminas/laminas-validator/src/File/MimeType.php on line 208

How to reproduce

// open_basedir set as "/home/test/:/tmp:/var/tmp:/opt/alt/php81/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php81/lib/php/"
$mimeValidator = new \Laminas\Validator\File\MimeType([]);
$valid = $mimeValidator->isValid('/home/test/public_html/tmp/test.jpg');

Expected behavior

open_basedir error should be handled, possibly by using \Laminas\Stdlib\ErrorHandler or by other means, and exception should be caught, to allow continuing as intended.

smartexcan added the Bug (Something isn't working) label Aug 15, 2023
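
The handling the report asks for, as an added example (not laminas-validator code, and not a change the maintainers adopted): the open_basedir warning from is_file() is converted into a catchable exception only while the candidate paths are probed. It uses PHP's native set_error_handler() rather than \Laminas\Stdlib\ErrorHandler; the function name findReadableMagicFile and the demo paths are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of laminas-validator): probe candidate
 * magic files and skip any that PHP refuses to touch, e.g. because the
 * path is outside the open_basedir restriction.
 */
function findReadableMagicFile(array $candidates): ?string
{
    // Turn E_WARNING raised during the probe into ErrorException so that
    // a try/catch can actually see it. Other error levels are untouched.
    set_error_handler(
        static function (int $severity, string $message, string $file, int $line): bool {
            throw new ErrorException($message, 0, $severity, $file, $line);
        },
        E_WARNING
    );

    try {
        foreach ($candidates as $candidate) {
            try {
                if (is_file($candidate) && is_readable($candidate)) {
                    return $candidate;
                }
            } catch (ErrorException $e) {
                // Out of open_basedir scope (or otherwise unusable): try the next one.
                continue;
            }
        }
        return null;
    } finally {
        // Restore the previous handler so unrelated warnings are not converted.
        restore_error_handler();
    }
}

// Constructed demo: confine this process to the temp directory, then probe
// one path outside the restriction and one path inside it.
$allowed = realpath(sys_get_temp_dir());
$inside  = tempnam($allowed, 'magic');
ini_set('open_basedir', $allowed);

$found = findReadableMagicFile(['/usr/share/misc/magic', $inside]);
echo $found ?? 'no usable magic file', PHP_EOL;
unlink($inside);
```

Keeping the handler scoped to the probe and limited to E_WARNING avoids masking warnings raised elsewhere in the application.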
@Ocramius
Member

I don't think this code should be aware of the existence of open_basedir() at all: it's an extension that messes with filesystem built-in procedures, and IMO it should not be accounted for when the built-in procedures are integrated as per their original documentation.

@smartexcan
Author

I suppose that is true, and it's not really my decision if there should be code to account for it in here or not.
Only submitting this issue as the code that was already implemented to handle the error didn't actually handle the error.

@gsteel
Member

gsteel commented Jul 11, 2024

Magic file options/usage is being removed in 3.0 - ref #340 and this issue won't be resolved in the 2.x series

gsteel closed this as not planned Jul 11, 2024
gsteel self-assigned this Jul 11, 2024