$file is not located in the allowed paths

[SvenJuergens]

after update to TYPO3 11.5.1, i got the Error:

' $file is not located in the allowed paths'

That always happens when files are included from a site package. Seems to be related to this change https://github.com/TYPO3/typo3/commit/c86b292962c7d54a66aa9254af5ba00dcbfe6a8f

[cyMarvin]

@SvenJuergens I got the same error. You can resolve this for now by adding the composer packages' extension symlinks to "addAllowedPaths", e.g. by adding the following to your AdditionalConfiguration.php or your ext_localconf.php.

$paths = '/typo3conf/ext/site_package/, /typo3conf/ext/other_ext/';
if (!empty($GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'])) {
    $GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'] .= ', ' . $paths;
} else {
    $GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'] = $paths;
}

I think this check should be replaced or removed from the extension, since the description for "addAllowedPaths" claims it to be for TypoScript files only.

[SvenJuergens]

@cyMarvin that seems like an easier workaround, you're right. But then it is a solution that has to be adapted in each project itself, and "typo3conf/ext" is always already present in the allowedPaths array. With the use of "addAllowedPaths", entries are created in the array that should not actually be necessary. But if you are affected by the problem yourself, your solution is at the moment the better one as it does not require any code adaptation of a 3rd party extension. :)

[svewap]

I released a new version 1.2.0 today. This version comes without using FilePathSanitizer which is now possible in TYPO3 11.

[SvenJuergens]

Thanks @svewap , then I'll close here too

Best Regards Sven