search

LibreSign / libresign

✍️ Nextcloud app to sign PDF documents
https://libresign.coop
488 stars 57 forks source link

Hardcoded /etc/debian file read attempts unhandled failure when open_basedir in effect #3985

Closed darkpoetry closed 2 days ago

darkpoetry commented 3 days ago

Describe the bug Attempts to determine if the OS is Debian accesses files outside the server root and causes complete failure at file selector stage of app use.

To Reproduce Steps to reproduce the behavior:

file_exists(): open_basedir restriction in effect. File(//etc/debian_version) is not within the allowed path(s): (/home/s/.composer:/home/s/web/cloud.s.com/public_html:/home/s/web/cloud.s.com/private:/home/s/web/cloud.s.com/public_shtml:/home/s/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt) at /home/s/web/cloud.s.com/public_html/apps/libresign/vendor/libresign/whatosami/src/OperatingSystem.php#105

Expected behavior Determines, assuming it has to, whether it's on Debian using some other means that does not involve attempting to access the filesystem outside the NC instance. Correctly selects a file and proceeds to next dialog.

Alternatively: Permit the debian / not debian to be a setting if it's necessary so that the app can operate when open_basedir is enabled, which is a key safeguard for securing php based servers.

Environment information (please complete the following information):

Additional context Similar to #1279

vitormattos commented 3 days ago

Will be fixed by this: https://github.com/LibreSign/whatosami/pull/1

vitormattos commented 2 days ago

Could you check again at the newest release of LibreSign?

I made changes at this point to check open_basedir before retrieve the file.

Closing this issue as solved.

If this issue persists, don't hesitate to open a new issue making reference to this.

[!NOTE]

If you like this app, don't hesitate to help us

Ways to help this project: