MultiSafepay / woocommerce

MultiSafepay WooCommerce plugin
https://docs.multisafepay.com/docs/woocommerce
10 stars 2 forks source link

open_basedir restriction in effect #6

Closed Twansparant closed 4 years ago

Twansparant commented 4 years ago

Hi there,

When I enable the plugin, I get this warning on my frontend and in my server error logs:

Warning: is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /srv/www/example.com/current/web/wp/wp-admin/includes/misc.php on line 259

which is: https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/misc.php#L259 When I disable the plugin, they're gone.

Don't understand where it's coming from. I've been looking for any function calls to is_writable in the plugins code, or any references to a htaccess file (which I don't have because I use Nginx) or any flushing or rewrites, but can't find any.

When I add / as path to my php_admin_value open_basedir values, the warning disappears?

Jasper-MultiSafepay commented 4 years ago
Twansparant commented 4 years ago

Could you do a backtrace to see how it got there?

Sure, but there's not much of a backtrace. After enabling the plugin this is added to my error.log on every front page load:

2019/11/15 08:20:33 [error] 1494#1494: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  is_writable(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/srv/www/:/tmp) in /srv/www/mydomain.com/current/web/wp/wp-admin/includes/misc.php on line 259
PHP message: PHP Stack trace:
PHP message: PHP   1. {main}() /srv/www/mydomain.com/current/web/index.php:0
PHP message: PHP   2. require() /srv/www/mydomain.com/current/web/index.php:5
PHP message: PHP   3. require_once() /srv/www/mydomain.com/current/web/wp/wp-blog-header.php:13
PHP message: PHP   4. require_once() /srv/www/mydomain.com/current/web/wp/wp-load.php:42
PHP message: PHP   5. require_once() /srv/www/mydomain.com/current/web/wp-config.php:9
PHP message: PHP   6. do_action() /srv/www/mydomain.com/current/web/wp/wp-settings.php:545
PHP message: PHP   7. WP_Hook->do_action() /srv/www/mydomain.com/current/web/wp/wp-includes/plugin.php:478
PHP message: PHP   8. WP_Hook->apply_filters() /srv/www/mydomain.com/current/web/wp/wp-includes/class-wp-hook.php:312
PHP message: PHP   9. WP_Rewrite->flush_rules() /srv/www/mydomain.com/current/web/wp/wp-includes/class-wp-hook.php:288
PHP message: PHP  10. save_mod_rewrite_rules() /srv/www/mydomain.com/current/web/wp/wp-includes/class-wp-rewrite.php:1820
PHP message: PHP  11. is_writable() /srv/www/mydomain.com/current/web/wp/wp-admin/includes/misc.php:259" while reading response header from upstream, client: 192.168.50.1, server: qwic.test, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm-wordpress.sock:", host: "mydomain.test"

I'm using the LEMP stack from Trellis and Bedrock as boilerplate for Wordpress.

Is this with any plugin or only ours?

I'm afraid only with yours... When I disable your plugin, the warnings dissapear.

Jasper-MultiSafepay commented 4 years ago

We have put some time into this, but we are unable to reproduce this warning. The closest thing we could find about this is the following link: https://discourse.roots.io/t/open-basedir-restriction-in-effect-error/2796/

Or it could be that the WordPress Address or Site Address url is not correctly filled in? As can be deduced from https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/file.php#L105-L107

But for now we will close this issue as it does not seem to be caused by our plugin.