Php 警告:文件\u exists()[函数.file exists]:打开\u basedir限制生效。文件(/usr/local/apache/bin/apachectl)
首先,很抱歉标题太长,我从来没有想到会出现这个错误,所以我不知道如何描述它 我得到了这个错误:Php 警告:文件\u exists()[函数.file exists]:打开\u basedir限制生效。文件(/usr/local/apache/bin/apachectl),php,open-basedir,Php,Open Basedir,首先,很抱歉标题太长,我从来没有想到会出现这个错误,所以我不知道如何描述它 我得到了这个错误: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/local/apache/bin/apachectl) is not within the allowed path(s): (/home/:/backup/:/tmp/) in /home/xxxxx/public_
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/local/apache/bin/apachectl) is not within the allowed path(s): (/home/:/backup/:/tmp/) in /home/xxxxx/public_html/plugins/system/jch_optimize/jchoptimize/helper.php on line 176
<?php
use JchOptimize\JSMinRegex;
/**
* JCH Optimize - Joomla! plugin to aggregate and minify external resources for
* optmized downloads
* @author Samuel Marshall <sdmarshall73@gmail.com>
* @copyright Copyright (c) 2010 Samuel Marshall
* @license GNU/GPLv3, See LICENSE file
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* If LICENSE file missing, see <http://www.gnu.org/licenses/>.
*
* This plugin, inspired by CssJsCompress <http://www.joomlatags.org>, was
* created in March 2010 and includes other copyrighted works. See individual
* files for details.
*/
defined('_JEXEC') or die('Restricted access');
/**
* Some helper functions
*
*/
class JchOptimizeHelper
{
/**
* Checks if file (can be external) exists
*
* @param type $sPath
* @return boolean
*/
public static function fileExists($sPath)
{
//global $_PROFILER;
//JCH_DEBUG ? $_PROFILER->mark('beforeFileExists - ' . $sPath . ' plgSystem (JCH Optimize)') : null;
$bExists = (file_exists($sPath) || @fopen($sPath, "r") != FALSE);
//JCH_DEBUG ? $_PROFILER->mark('afterFileExists - ' . $sPath . ' plgSystem (JCH Optimize)') : null;
return $bExists;
}
/**
* Get local path of file from the url if internal
* If external or php file, the url is returned
*
* @param string $sUrl Url of file
* @return string File path
*/
public static function getFilePath($sUrl)
{
// global $_PROFILER;
//JCH_DEBUG ? $_PROFILER->mark('beforeGetFilePath - ' . $sUrl . ' plgSystem (JCH Optimize)') : null;
$sUriBase = str_replace('/administrator/', '', JUri::base());
$sUriPath = str_replace('/administrator', '', JUri::base(TRUE));
$oUri = clone JUri::getInstance($sUriBase);
if (JchOptimizeHelper::isInternal($sUrl) && !preg_match('#\.php#i', $sUrl))
{
$sUrl = preg_replace(
array(
'#^' . preg_quote($sUriBase, '#') . '#',
'#^' . preg_quote($sUriPath, '#') . '/#',
'#\?.*?$#'
), '', $sUrl);
//JCH_DEBUG ? $_PROFILER->mark('afterGetFilePath - ' . $sUrl . ' plgSystem (JCH Optimize)') : null;
return JPATH_ROOT . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $sUrl);
}
else
{
switch (TRUE)
{
case preg_match('#://#', $sUrl):
break;
case (substr($sUrl, 0, 2) == '//'):
$sUrl = $oUri->toString(array('scheme')) . substr($sUrl, 2);
break;
case (substr($sUrl, 0, 1) == '/'):
$sUrl = $oUri->toString(array('scheme', 'host')) . $sUrl;
break;
default:
$sUrl = $sUriBase . $sUrl;
break;
}
//JCH_DEBUG ? $_PROFILER->mark('afterGetFilePath - ' . $sUrl . ' plgSystem (JCH Optimize)') : null;
return html_entity_decode($sUrl);
}
}
/**
* Gets the name of the current Editor
*
* @staticvar string $sEditor
* @return string
*/
public static function getEditorName()
{
static $sEditor;
if (!isset($sEditor))
{
$sEditor = JFactory::getUser()->getParam('editor');
$sEditor = !isset($sEditor) ? JFactory::getConfig()->get('editor') : $sEditor;
}
return $sEditor;
}
/**
* Determines if file is internal
*
* @param string $sUrl Url of file
* @return boolean
*/
public static function isInternal($sUrl)
{
$oUrl = JUri::getInstance($sUrl);
//trying to resolve bug in php with parse_url before 5.4.7
if (preg_match('#^//([^/]+)(/.*)$#i', $oUrl->getPath(), $aMatches))
{
if (!empty($aMatches))
{
$oUrl->setHost($aMatches[1]);
$oUrl->setPath($aMatches[2]);
}
}
$sBase = $oUrl->toString(array('scheme', 'host', 'port', 'path'));
$sHost = $oUrl->toString(array('scheme', 'host', 'port'));
if (stripos($sBase, JUri::base()) !== 0 && !empty($sHost))
{
return FALSE;
}
return TRUE;
}
/**
*
* @staticvar string $sContents
* @return boolean
*/
public static function modRewriteEnabled()
{
if (function_exists('apache_get_modules'))
{
return (in_array('mod_rewrite', apache_get_modules()));
}
elseif (file_exists('/usr/local/apache/bin/apachectl'))
{
return (strpos(shell_exec('/usr/local/apache/bin/apachectl -l'), 'mod_rewrite') !== false);
}
else
{
static $sContents = '';
if ($sContents == '')
{
$oFileRetriever = JchOptimizeFileRetriever::getInstance($GLOBALS['oParams']);
$sJbase = JUri::base(true);
$sBaseFolder = $sJbase == '/' ? $sJbase : $sJbase . '/';
$sUrl = JUri::base() . 'plugins/system/jch_optimize/assets' . $sBaseFolder . 'test_mod_rewrite';
if (!$oFileRetriever->isUrlFOpenAllowed())
{
return FALSE;
}
$sContents = $oFileRetriever->getFileContents($sUrl);
}
if ($sContents == 'TRUE')
{
return TRUE;
}
else
{
return FALSE;
}
}
}
/**
*
* @param type $aArray
* @param type $sString
* @return boolean
*/
public static function findExcludes($aArray, $sString, $bScript=FALSE)
{
foreach ($aArray as $sValue)
{
if($bScript)
{
$sString = JSMinRegex::minify($sString);
}
if ($sValue && strpos($sString, $sValue) !== FALSE)
{
return TRUE;
}
}
return FALSE;
}
}
此脚本希望打开“/usr/local/apache/bin/apachectl”,但服务器宿主不允许这样做
请看第176行:
elseif (file_exists('/usr/local/apache/bin/apachectl'))
删除这些行似乎是安全的。open\u basedir
是一种服务器配置安全措施,用于禁止在webroot之外访问文件(通常)
这可以防止脚本读取服务器上的随机文件。如果您的服务器已经受损open\u basedir
可以帮助减少受损的影响
一般来说,这是一件好事,但你似乎想做一些有点可疑的事情
查看您的php.ini
或httpd.conf
,您可以在那里禁用它
看起来这个脚本想要检查该文件夹中的插件。这是一种糟糕的做法,使用apache_get_模块是正确的。您可以简单地删除有问题的代码
这个脚本甚至尝试了一个shell\u exec
,这就是为什么你必须非常小心地处理你在互联网上找到的随机代码。在这种情况下,它不是恶意的,只是很奇怪。嘿,thx为伟大的解释和提示,但是,这不是随机代码,我在Joomla扩展目录中获得了该插件。你完全正确,这是一个安全功能,我也认为它不应该被禁用,所以我的解决办法就是删除jreuab建议的那一行?是的,那一行和它后面的代码块(使用shell\u exec
)好的,先生,我会这样做,并让你知道是否有什么工作,:)我这样做了:/*elseif(文件_exists('/usr/local/apache/bin/apachectl')){return(strpos(shell_exec('/usr/local/apache/bin/apachectl-l'),'mod_rewrite')!==false);}else*/
可以吗?