rob_dewing, Posted August 23

I've updated a site from Cubecart 6.2.x to 6.5.5 and now the product sort order 'sort by' box in the category pages on the front end when you change the sort order returns a 404 page with the message 'category doesn't exist'.

When I run error reporting on any page of the site there's about 15 warnings or more along the lines of:

    /home/northerwood/G0DG68Q0/htdocs/ronlines/classes/somefilename - file_exists() [function.file-exists.php]: open_basedir restriction in effect. File [somefilename] is not within the allowed path(s): [someotherfilepath]

The file names vary in the warnings but they are all messages around 'XXXX is not within the allowed path(s)'.

Does this mean CC scripts are going looking for files in locations to which open_basedir restrictions are not allowing access? How do I go about checking this? The site is in a subfolder in the hosting account but posts about moving sites suggest that CC copes with this. It's never been moved, it's always been in a subfolder.

Any advice on what I should be looking at to investigate this issue?

bsmither, Posted August 24

(Not an expert on server operating systems, so...)

CubeCart will add to PHP's 'include_path' all of the directories that class files can be found. This means that CubeCart will look in every one of these directories for the class when the code wants to instantiate a named class. That includes the path that PHP's 'php.ini' configuration file has for its 'include_path'.

Then there is this open_basedir feature that may have a series of directories that PHP is allowed to look in. Sometimes, the directories listed for open_basedir do not include the 'include_path' stated in the php.ini configuration file.

Most of the time, the client of a hosted account does not have access to the configuration settings needed to fix this. So, please contact your hosting provider and mention to them about this open_basedir issue. They should be able to fix it.

bsmither, Posted August 24

The 404 was fixed in CC656. See: https://github.com/cubecart/v6/issues/3577

rob_dewing (Author), Posted August 24

8 hours ago, bsmither said:
> The 404 was fixed in CC656. See: https://github.com/cubecart/v6/issues/3577

Thanks for fast reply, I've now run an update to CC656 via the admin panel updater. However, now instead of throwing a 404 page, the product filter dropdown is failing to load its options, just shows a pair of empty brackets/braces. I would have uploaded a snippet of screenshot but the forum won't let me upload an image but the issue can be seen in the product sort box on e.g. https://www.ronlines.com/electronics.html

Is this likely to be related to the openbase_dir issues referred to in your earlier reply?

9 hours ago, bsmither said:
> (Not an expert on server operating systems, so...) CubeCart will add to PHP's 'include_path' all of the directories that class files can be found. This means that CubeCart will look in every one of these directories for the class when the code wants to instantiate a named class. That includes the path that PHP's 'php.ini' configuration file has for its 'include_path'. Then there is this open_basedir feature that may have a series of directories that PHP is allowed to look in. Sometimes, the directories listed for open_basedir do not include the 'include_path' stated in the php.ini configuration file. Most of the time, the client of a hosted account does not have access to the configuration settings needed to fix this. So, please contact your hosting provider and mention to them about this open_basedir issue. They should be able to fix it.

Yes this is shared hosting on which I don't have access to PHPini, however the datacentre support team replied:

"It looks like Cubecart is trying to open files outside of account home directory ('/smarty_autoloader.class.php' for example) which is causing the open_basedir security warning."

At the moment, I can't see where /smarty_autoloader.class.php is actually sitting in the CC files, but do you have any further thoughts based on the above?

bsmither, Posted August 24

"CubeCart will add to PHP's 'include_path' ..."

In CubeCart's admin, near the bottom of the navigation pane, click on PHP Info. On the page that is displayed, scroll to the Core table, and find include_path, Master Value column. It might be something like, .:/usr/share/php:, possibly followed by more directories that are not within CubeCart's installation.

It is likely that one of these directories conflicts with open_basedir settings. Your hosting provider is the only one able to fix this.

The Sort box issue fix can be found here: https://github.com/cubecart/v6/issues/3626

rob_dewing (Author), Posted August 24

1 hour ago, bsmither said:
> In CubeCart's admin, near the bottom of the navigation pane, click on PHP Info. On the page that is displayed, scroll to the Core table, and find include_path, Master Value column.

The Master Value for include_path is shown as .: Which is to say 'period' and 'colon'. On that basis, it appears there are no paths to external directories defined? Have I read that right, and would that empty setting likely cause issues?

The local_value column for include_path has values for the plugins for Google Analytics and Paypal Commerce.

Re your advice "The Sort box issue fix can be found here: https://github.com/cubecart/v6/issues/3626"

Thanks, I've had a look at the mods posted in Github and compared them to my Cubecart files, I would say the CC 6.5.6 update files I ran 6 hours ago already has its file classes/catalogue.class.php with those mods applied to it, presumably it has been hotfixed.

I guess I need to wait and see if Al Brockbanks replies in this thread after the weekend.

bsmither, Posted August 24

Interesting. In the original post, there was said: "File [somefilename] is not within the allowed path(s): [someotherfilepath] ". Can we have a good example?

rob_dewing (Author), Posted August 24

The reason I posted such a poor version of the message is that Cloudflare was blocking me from posting the full content of the message into my post. Let's try with a screenshot:

Sorry, the problem is I get a 200 error in either Chrome or Firefox when I try to upload an image. And if I try to paste in the messages to the body of a reply Cloudflare stops it, it's really frustrating.

Let's see if I can get it to you via Dropbox:

https://www.dropbox.com/scl/fi/1zt8izp0bsfy43hix69tp/cubecart-debug-message.txt?rlkey=ydrlwtfc2dd9alpv4ghet5i7o&dl=0

or

https://www.dropbox.com/scl/fi/l25d5mhd4vqlhgdizt35r/message-2.png?rlkey=8p6eyanwh14i6t73ouh3o3tzu&dl=0

OK, that seems to have worked, appreciate you bearing with me. Thanks.

bsmither, Posted August 24

Well, because I know very little about open_basedir, my conclusion is suspect.

An allowed path is /home. Your site is in a sub-directory of /home. If open_basedir allows for the entire tree of /home, then all should be good here.

Something is calling for the file /smarty_autoloader.class.php. This is not right for two reasons:

1. the file smarty_autoloader.class.php does not exist.
2. And if it did, the leading slash says this file must be at the root of the server - which it cannot be.

What is needed is to find out where that call came from. From where did you copy the error messages from? If from the admin's Error Log, (1) System Error Log tab, or directly from the database (2) CubeCart_system_error_log, there may be a backtrace available.

1. Hover over a message. There will be a tooltip popup that will show the path of PHP execution to where the problem happened.
2. The 'backtrace' column has the path of PHP execution to where the problem happened.

rob_dewing (Author), Posted August 30

On 8/25/2024 at 12:44 AM, bsmither said:
> From where did you copy the error messages from?

- from the Cubecart Debug Console which appears in a popup during page load when I have 'Enable debugging' enabled in the Cubecart admin settings.

In the detail of MySQLi queries shown in the popup there is some info about paths in the error message. The source of the query seems to be /classes/autoloader.class.php

Line 75 of this file calls for Smarty.class.php but it specifies a full, and correct, path for it in a subdirectory:

    //If its smarty we need to use the smarty loader
    if ($class == 'Smarty') {
        require_once CC_INCLUDES_DIR.'lib/smarty/Smarty.class.php';
        return true;
    }

Does this mean something in the open_basedir behaviour of the server is resulting in the file request being redirected from the correct subdirectory, to site root instead? Sounds like a question for my datacentre support team, but I would be interested in your further thoughts?

bsmither, Posted August 30

"there is some info about paths in the error message."

Please let us know the entirety of those paths.

Since this INSERT query, with the details of the error, was seen in CubeCart's Debug console, those details should also appear in admin, Error Log, System Error Log tab, as described earlier.

rob_dewing (Author), Posted August 30

Hi, sorry I hadn't recognised exactly what you were referring to in the admin System Error Log and therefore was too sketchy. I've now followed the path described above and copied the content of the first page of error messages into the attached. I can also see what you mean about the on-hover tooltips now, it makes a lot more sense. Here's a typical tooltip content:

    file_exists() (autoloader.class.php:93)
    class_exists() (Smarty.class.php:74)
    require_once() (autoloader.class.php:75)
    autoload() (controller.admin.pre_session.inc.php:37)
    include() (admin_yQ9BhX.php:34)

Thanks for sticking with me to guide me to the data.

Sorry I can't get file attachment to work, upload is blocked with a 200 error. Here's a Dropbox link:

https://www.dropbox.com/scl/fi/wdkdqsnv00wcmho6auz56/cubecart-error-message2.doc?rlkey=pfrnv3ir5fmp8pxiehwgd2re1&dl=0

bsmither, Posted August 30

If the second reason posited as described above is the cause, then there seems to be an empty element in the include_path setting for PHP, or somehow an empty element is getting added.

You can try to make the edits in the following Github issue: https://github.com/cubecart/v6/issues/3634

bsmither, Posted August 30

You might also want to make this edit in /classes/autoloader.class.php, near line 92:

Find:

    foreach (self::$_paths as $path) {

Change to:

    foreach (self::$_paths as $path) {
        $GLOBALS['debug']->debugMessage('Looking in this $path: '.empty($path)?"Empty":$path);

Then, when viewing CubeCart's Debug Console, at the bottom will be the collection of Debug Messages.

bsmither, Posted August 30

Can't change the code change above. Use this instead:

    foreach (self::$_paths as $path) {
        $GLOBALS['debug']->debugMessage('Looking in this $path: '.(empty($path)?"Empty":$path));

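The check discussed in the thread (an empty element in the class search paths resolving to the server root, outside open_basedir), as an added example that is not part of the original posts and not CubeCart's own code. It assumes each candidate is built as `$path . '/' . $file`, compares strings only (no symlink or `..` resolution), and uses constructed sample paths; `is_allowed` and `audit_search_paths` are hypothetical helper names.

```php
<?php
// Added example, not CubeCart code. Assumes the autoloader builds each
// candidate as $path . '/' . $file, as the thread's hypothesis implies.

// Directory match, not a bare string prefix: /home must not match /homework.
function is_allowed(string $candidate, array $allowed): bool
{
    foreach ($allowed as $base) {
        $base = rtrim($base, '/');   // "/" becomes "", so "/..." still matches
        if ($candidate === $base || strpos($candidate, $base . '/') === 0) {
            return true;
        }
    }
    return false;
}

function audit_search_paths(array $paths, string $openBasedir, string $file, string $cwd): array
{
    // Drop empty entries; an empty open_basedir means no restriction at all.
    $allowed = array_filter(explode(PATH_SEPARATOR, $openBasedir), 'strlen');
    $report = [];
    foreach ($paths as $i => $path) {
        // An empty element concatenates to "/$file": the filesystem root.
        $candidate = rtrim($path, '/') . '/' . $file;
        if ($path !== '' && $path[0] !== '/') {
            $candidate = rtrim($cwd, '/') . '/' . $candidate;  // relative entry
        }
        $report[] = [
            'index'     => $i,
            'entry'     => $path === '' ? '(empty)' : $path,
            'candidate' => $candidate,
            'blocked'   => $allowed !== [] && !is_allowed($candidate, $allowed),
        ];
    }
    return $report;
}

// Constructed sample values; on a live site pass
// explode(PATH_SEPARATOR, get_include_path()), ini_get('open_basedir'), getcwd().
$paths = ['.', '/home/example/htdocs/shop/classes', '', '/usr/share/php'];
$basedir = implode(PATH_SEPARATOR, ['/home', '/tmp']);
$cwd = '/home/example/htdocs/shop';
foreach (audit_search_paths($paths, $basedir, 'smarty_autoloader.class.php', $cwd) as $row) {
    printf("[%d] %-36s -> %-62s %s\n", $row['index'], $row['entry'],
        $row['candidate'], $row['blocked'] ? 'BLOCKED by open_basedir' : 'ok');
}
```

With the sample values, the empty entry and `/usr/share/php` are reported as blocked, while the two entries under `/home` pass.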