You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
open_basedir errors are not handled in getMagicFile(), as it is trying to catch an exception, but no exception is thrown if is_file() is called on a file outside the open_basedir restriction.
Current behavior
If getMagicFile() tries to auto-discover the magic file from one of the common locations, and one of those files is not in the open_basedir restriction, an error is raised.
// suppressing errors which are thrown due to open_basedir restrictions
continue;
}
No error handler is set when is_file() is called in setMagicFile(), so no exception gets thrown, resulting in the error propagating upward.
Warning: is_file(): open_basedir restriction in effect. File(/usr/share/misc/magic) is not within the allowed path(s): (/home/test/:/tmp:/var/tmp:/opt/alt/php81/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php81/lib/php/) in /home/test/public_html/vendor/laminas/laminas-validator/src/File/MimeType.php on line 208
How to reproduce
// open_basedir set as "/home/test/:/tmp:/var/tmp:/opt/alt/php81/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php81/lib/php/"$mimeValidator = new \Laminas\Validator\File\MimeType([]);
$valid = $mimeValidator->isValid('/home/test/public_html/tmp/test.jpg');
Expected behavior
open_basedir error should be handled, possibly by using \Laminas\Stdlib\ErrorHandler or by other means, and exception should be caught, to allow continuing as intended.
The text was updated successfully, but these errors were encountered:
I don't think this code should be aware of the existence of open_basedir() at all: it's an extension that messes with filesystem built-in procedures, and IMO it should not be accounted for when the built-in procedures are integrated as per their original documentation.
I suppose that is true, and it's not really my decision is there should be code to account for it in here or not.
Only submitting this issue as the code that was already implemented to handle the error didn't actually handle the error.
Bug Report
Summary
open_basedir errors are not handled in
getMagicFile()
, as it is trying to catch an exception, but no exception is thrown ifis_file()
is called on a file outside the open_basedir restriction.Current behavior
If getMagicFile() tries to auto-discover the magic file from one of the common locations, and one of those files is not in the open_basedir restriction, an error is raised.
laminas-validator/src/File/MimeType.php
Lines 166 to 172 in 5fafe1e
No error handler is set when
is_file()
is called in setMagicFile(), so no exception gets thrown, resulting in the error propagating upward.How to reproduce
Expected behavior
open_basedir error should be handled, possibly by using
\Laminas\Stdlib\ErrorHandler
or by other means, and exception should be caught, to allow continuing as intended.The text was updated successfully, but these errors were encountered: