New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openbasedir restrictions throws exception with is_file() #417

Open

AnnoyingTechnology opened this issue Jan 25, 2024 · 1 comment

Contributor

AnnoyingTechnology commented Jan 25, 2024

Context: I only pass local CSS files to Minify, all of them allowed by openbasedir.

Minify scans the contents of the CSS files, and runs is_file() on base64 encoded contents and other stuff contained within the CSS files.

Examples :

'500 is_file(): open_basedir restriction in effect. File(/#default#VML) is not within the allowed path(s): (REDACTED) at line 461 in /var/www/domains/REDACTED/matthiasmullie/minify/src/Minify.php',
500 is_file(): open_basedir restriction in effect. File(/data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALA[...]AAAAAA=) is not within the allowed path(s): (REDACTED) at line 504 in /var/www/REDACTED/matthiasmullie/minify/src/Minify.php',

Expected behavior :

Minify should either catch these exceptions or use an intermediary function to check if it looks like an actual filename

The text was updated successfully, but these errors were encountered:

Contributor Author

AnnoyingTechnology commented Jan 25, 2024

Apparently, there is an @ already, but that doesn't cut it.

return strlen($path) < PHP_MAXPATHLEN && @is_file($path) && is_readable($path);

https://github.com/matthiasmullie/minify/blob/master/src/Minify.php#L504

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment