nextcloud / contacts

📇 Contacts app for Nextcloud
https://apps.nextcloud.com/apps/contacts
GNU Affero General Public License v3.0

file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s) #3019

Open solracsf opened 2 years ago

solracsf commented 2 years ago

Describe the bug

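It looks like the tree is not complete, so the path passed to file_exists() is wrong. In the trace below, the nodeExists() call in PatchPlugin.php walks the path down to the node name "files", and Sabre\DAV\FS\Directory::getChild() then checks it as the absolute filesystem path "/files". That path is outside the configured open_basedir (/nextcloud:/dev/urandom), so PHP refuses the call. The root node here appears to be a plain filesystem directory with an empty base path, but this is inferred from the trace and not confirmed: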

File (/files) is not within the allowed path(s)

{
    "file": "/nextcloud/apps/contacts/lib/Dav/PatchPlugin.php",
    "line": 73,
    "function": "nodeExists",
    "class": "Sabre\\DAV\\Tree",
    "type": "->",
    "args": [
      "files/user/SAM/MARCHES 2021/DAE AMOE/FE_AMOE_2021_lot_9-V0.docx"
    ]
},

Full:

{
  "reqId": "oID6zwGuA53b05L6SeHD",
  "level": 3,
  "time": "2022-10-05T12:30:06+02:00",
  "remoteAddr": "138.195.208.52",
  "user": "--",
  "app": "PHP",
  "method": "HEAD",
  "url": "/remote.php/dav/files/user/SAM/MARCHES%202021/DAE%20AMOE/FE_AMOE_2021_lot_9-V0.docx",
  "message": "file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/nextcloud:/dev/urandom) at /nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78",
  "userAgent": "Microsoft Office Existence Discovery",
  "version": "23.0.9.1",
  "exception": {
    "Exception": "Error",
    "Message": "file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/nextcloud:/dev/urandom) at /nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78",
    "Code": 0,
    "Trace": [
      {
        "function": "onError",
        "class": "OC\\Log\\ErrorHandler",
        "type": "::",
        "args": [
          2,
          "file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/nextcloud:/dev/urandom)",
          "/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php",
          78
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php",
        "line": 78,
        "function": "file_exists",
        "args": [
          "/files"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 70,
        "function": "getChild",
        "class": "Sabre\\DAV\\FS\\Directory",
        "type": "->",
        "args": [
          "files"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 73,
        "function": "getNodeForPath",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 73,
        "function": "getNodeForPath",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files/user"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 73,
        "function": "getNodeForPath",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files/user/SAM"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 73,
        "function": "getNodeForPath",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files/user/SAM/MARCHES 2021"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php",
        "line": 106,
        "function": "getNodeForPath",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files/user/SAM/MARCHES 2021/DAE AMOE"
        ]
      },
      {
        "file": "/nextcloud/apps/contacts/lib/Dav/PatchPlugin.php",
        "line": 73,
        "function": "nodeExists",
        "class": "Sabre\\DAV\\Tree",
        "type": "->",
        "args": [
          "files/user/SAM/MARCHES 2021/DAE AMOE/FE_AMOE_2021_lot_9-V0.docx"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 528,
        "function": "getHTTPMethods",
        "class": "OCA\\Contacts\\Dav\\PatchPlugin",
        "type": "->",
        "args": [
          "files/user/SAM/MARCHES 2021/DAE AMOE/FE_AMOE_2021_lot_9-V0.docx"
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
        "line": 212,
        "function": "getAllowedMethods",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          "files/user/SAM/MARCHES 2021/DAE AMOE/FE_AMOE_2021_lot_9-V0.docx"
        ]
      },
      {
        "file": "/nextcloud/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php",
        "line": 76,
        "function": "httpOptions",
        "class": "Sabre\\DAV\\CorePlugin",
        "type": "->",
        "args": [
          {
            "__class__": "Sabre\\HTTP\\Request"
          },
          {
            "__class__": "Sabre\\HTTP\\Response"
          }
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
        "line": 89,
        "function": "handleAnonymousOptions",
        "class": "OCA\\DAV\\Connector\\Sabre\\AnonymousOptionsPlugin",
        "type": "->",
        "args": [
          {
            "__class__": "Sabre\\HTTP\\Request"
          },
          {
            "__class__": "Sabre\\HTTP\\Response"
          }
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 456,
        "function": "emit",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          "beforeMethod:HEAD",
          [
            {
              "__class__": "Sabre\\HTTP\\Request"
            },
            {
              "__class__": "Sabre\\HTTP\\Response"
            }
          ]
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 253,
        "function": "invokeMethod",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          {
            "__class__": "Sabre\\HTTP\\Request"
          },
          {
            "__class__": "Sabre\\HTTP\\Response"
          }
        ]
      },
      {
        "file": "/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 321,
        "function": "start",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/nextcloud/apps/dav/lib/Server.php",
        "line": 339,
        "function": "exec",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/nextcloud/apps/dav/appinfo/v2/remote.php",
        "line": 35,
        "function": "exec",
        "class": "OCA\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/nextcloud/remote.php",
        "line": 166,
        "args": [
          "/nextcloud/apps/dav/appinfo/v2/remote.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/nextcloud/lib/private/Log/ErrorHandler.php",
    "Line": 92,
    "CustomMessage": "--"
  },
  "id": "633d6bba0b86d"
}

Steps to reproduce

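Windows 10 WebDAV access. In the log above, the failing request is a HEAD from the "Microsoft Office Existence Discovery" user agent, logged with "user": "--", and it reaches PatchPlugin through AnonymousOptionsPlugin::handleAnonymousOptions().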

Expected behavior

Correct server tree.

Actual behavior

Wrong server tree, resulting in open_basedir error.

Contacts version

4.2.2

Operating system

No response

PHP engine version

PHP 8.0

Web server

Apache (supported)

Database

MariaDB

Additional info

No response

dafi87 commented 1 year ago

I'm seeing this too, on Nextcloud 27.0.1 with PHP 8.1.

dafi87 commented 1 year ago

I feel like this should rather be reported in https://github.com/nextcloud/server