[4] Media Manager fails with SymLinks

[HaJuSi-23]

Steps to reproduce the issue

All my images are on one domain, so I work with a symlink on index.php All other subdomains(3.9) working with this. Only the 4.0 Beta has got a problem to handle that. Result is --> "Joomla\CMS\Filesystem\Path::check() - Snooping out of bounds @ /mnt/....../htdocs/ksv23000/images/" and no Images in the list.

Expected result

Actual result

System information (as much as possible)

Additional comments

[HaJuSi-23]

Joomla! Version 4.0.0-beta4-dev
PHP Version 7.4.9
Identity    user
Response    200
Template    atum
Database    
ServermysqlVersion5.6.42-logCollationutf8_general_ciConn Collationutf8mb4_general_ci

$_GET
array:2 [ "option" => "com_media" "path" => "local-0:/" ]
$_POST
[]
$_SESSION
array:2 [ "PHPDEBUGBAR_STACK_DATA" => [] "joomla" => "TzoyNDoiSm9vbWxhXFJlZ2lzdHJ5XFJlZ2lzdHJ5Ij...
$_COOKIE
array:3 [ "wf_browser_dir" => "" "554c794a85683f20e9080da206be01cf" => "av7picjj52tsnv0ehigliege...
$_SERVER
array:47 [ "HTTP_HOST" => "www.ligatest.ksv-nesselblatt.de" "REMOTE_ADDR" => "31.18.238.55" "T...

session
array:4 [ "timer" => array:3 [ "start" => 1599887952 "last" => 1599888295 "now" => 159...
registry
array:3 [ "data" => [] "initialized" => false "separator" => "." ]
user
array:20 [ "id" => 290 "name" => "Administrator" "username" => "admin" "email" => "webmaster...
application
array:1 [ "queue" => [] ]

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30616.}

[ReLater]

Whenever you post code or code blocks please surround them with backticks. Then they are easier to read: https://docs.github.com/en/github/writing-on-github/basic-writing-and-formatting-syntax#quoting-code

One backtick for inline code.

3
backticks
around
multilne
code

Thank you!

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30616.}

[ReLater]

I don't understand

so I work with a symlink on index.php

Really index.php? Shouldn't it be /images/

[ReLater]

One of some more related issues (if we talk about /images/): https://github.com/joomla/joomla-cms/issues/24959

[HaJuSi-23]

On my Subdomains with cms 3.9.19 this syntax is working system wide well, on cms 4.0.0-beta4-dev Nightly Builds 12 September 2020 02:01:10 UTC it's not working well!? "symlink('/mnt/web101/...103/htdocs/ksv23000/images/', '/mnt/web101/...103/htdocs/ligatest/images');"

========================================================================================================= First test environment Provider: Strato Server Server: ??? Operating system: ??? Internet: speed 100Mb/s Page load-time: 731ms Browsers: Opera, Firefox, Chrome, Edge PHP Versions: 7.4.9 SQL Version: 5.6.42 UTF: 8_general_ci CMS: Nightly Builds 4.0.0.beta4-dev of 12.09.2020 02:01:10 UTC

Second test environment Provider: localhost xampp Computer: Intel Core I9-9900K 3.60GHz with 32GB RAM and NVIDIA RTX 2080S Operating system: Windows 10 Pro 64 Bit Internet: responce-time <1ms Page load-time: 407ms Browsers: Opera, Firefox, Chrome, Edge PHP Versions: 7.4.4 SQL Version: 10.4.11 UTF: 8_general_ci CMS: Nightly Builds 4.0.0.beta4-dev of 12.09.2020 02:01:10 UTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30616.}

[HaJuSi-23]

By the way, the JCE Filebrowser works well. The Joomla Mediamanger takes no result !?

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30616.}

[drmenzelit]

Is this still a problem?

[Quy]

Closing due to no response with additional info.

[ReLater]

Is this still a problem?

Yes, it is. Error throwing method Path::check has never been adapted to respect symlinks.

Joomla 4.1.5-dev, Joomla 4.1.4.

No issues with Joomla 3 sites with identical symlinks. Only Joomla 4.

Symlink from Joomla 4 folder: /www/htdocs/abcd/joomla4/images/

Symlink to /www/htdocs/abcd/images-ghsvs-symlink-target/

Error: Joomla\CMS\Filesystem\Path::check() - Snooping out of bounds @ /www/htdocs/abcd/images-ghsvs-symlink-target/

[ReLater]

Could someone please reopen this issue?

[ReLater]

Still an issue with J!4.2.5.

Is it possible to make the title of this issue more meaningful? Something like "[4] Media Manager fails with SymLinks" or so.

Thank you!

[ReLater]

And could you please remove the Information Required label. Thx again.

[source-factory]

Still an issue with J!4.3.2

[roland-d]

This is a real issue whenever you use a symlink for your images folder. In one particular website, a symlink for the images folder is used to link to a NAS where multiple sites use the same storage.

So I looked to see if there is a quick fix related to the symlinks but not that I can see. The particular block in the Path::check function has been in place since at least 28 May 2009.

This was not a problem in Joomla 3 because that function is never called, however the Local Adapter plugin calls it many times. The code is a bit misleading because it calls the function getLocalPath() but all this does is call the Path::check() function.

A quick fix here would be to strip out the Path::check() function and simply return the rootPath and provided path until symlink support is added to the Path::check() function.

[toddpage]

Would be nice if this was fixed!!!!

[toddpage]

Modded the following file:

/webdata/joomla/v009/libraries/src/Filesystem/Path.php

Commenteded out the following starting around line #171.

        $path = self::clean($path);
/*
        if ((JPATH_ROOT != '') && strpos($path, self::clean(JPATH_ROOT)) !== 0) {
            throw new \Exception(
                sprintf(
                    '%1$s() - Snooping out of bounds @ %2$s',
                    __METHOD__,
                    self::removeRoot($path)
                )
            );
        }
*/
        return $path;

Seems to have worked but still testing