Open AnnoyingTechnology opened 8 months ago
Apparently, there is an @ already, but that doesn't cut it.
return strlen($path) < PHP_MAXPATHLEN && @is_file($path) && is_readable($path);
https://github.com/matthiasmullie/minify/blob/master/src/Minify.php#L504
Context: I only pass local CSS files to Minify, all of them allowed by openbasedir.
Minify scans the contents of the CSS files, and runs is_file() on base64 encoded contents and other stuff contained within the CSS files.
Examples :
'500 is_file(): open_basedir restriction in effect. File(/#default#VML) is not within the allowed path(s): (REDACTED) at line 461 in /var/www/domains/REDACTED/matthiasmullie/minify/src/Minify.php',
500 is_file(): open_basedir restriction in effect. File(/data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALA[...]AAAAAA=) is not within the allowed path(s): (REDACTED) at line 504 in /var/www/REDACTED/matthiasmullie/minify/src/Minify.php',
Expected behavior :