This article describes how to handle the Symfony2 "open_basedir restriction in effect" error; it may be a useful reference for anyone facing the same problem.

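When you set PHP's open_basedir restriction, PHP deactivates the realpath cache. This decreases the performance of any PHP application that uses multiple files (include_once, require_once), such as WordPress, Drupal and Magento, to name a few. The decision to deactivate the realpath cache when the open_basedir (and the former safe_mode) restriction is in use was made when the PHP team fixed CVE-2006-5178. For details, see PHP's bug report 52312.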


I'm trying to deploy a Symfony 2.7 project to shared hosting. Everything works fine on localhost, but on the server I got a big fat error...

When I try to hit the site:

http://infinityproperty.sitetester.biz/

I was getting an error:

Warning: is_dir(): open_basedir restriction in effect. File(/srv/www/infinityproperty.sitetester.biz/web) is not within the allowed path(s):

When I try to enter 3-4 times it removes the error and I can see the structure. But the issue is there. Also no images from the liipimage are shown.

I have removed the check for the locale and the error can be seen:

http://infinityproperty.sitetester.biz/app_dev.php

I know that it is very dangerous and I will completely remove it after resolving my issue.

The app, bin, and so on are one directory up in a private folder.

Here is the basic config:

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }

# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: bg
    kernelRootDir: %kernel.root_dir%
    web: "/../../web"
framework:
    #esi:             ~
    translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~
    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"
    globals:
        kernelRootDir: %kernel.root_dir%
    form_themes:
        # other form themes
        - 'CoreBundle:VichForm:fields.html.twig'
# Assetic Configuration
assetic:
    debug:          "%kernel.debug%"
    use_controller: false
    bundles:        [CoreBundle,FOSUserBundle,PagesBundle]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
    dbal:
        driver:   pdo_mysql
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #     path:     "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host:      "%mailer_host%"
    username:  "%mailer_user%"
    password:  "%mailer_password%"
    spool:     { type: memory }
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: George\UserBundle\Entity\User
simple_things_entity_audit:
    audited_entities:
        - George\PageBundle\Entity\Page
        - George\UserBundle\Entity\User
stof_doctrine_extensions:
    orm:
        default:
            sluggable: true
            sortable: true
            timestampable: true
vich_uploader:
    db_driver: orm
    mappings:
        product_image:
            uri_prefix:         /images/products
            upload_destination: %kernel.root_dir%/../../web/images/products
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        apartment_image:
            uri_prefix:         /images/apartment
            upload_destination: %kernel.root_dir%/../../web/images/apartment
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        slide_image:
            uri_prefix:         /images/slider
            upload_destination: %kernel.root_dir%/../../web/images/slider
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        point_image:
            uri_prefix:         /images/point
            upload_destination: %kernel.root_dir%/../../web/images/point
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        object_image:
            uri_prefix:         /images/object
            upload_destination: %kernel.root_dir%/../../web/images/object
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        gallery_image:
            uri_prefix:         /images/gallery
            upload_destination: %kernel.root_dir%/../../web/images/gallery
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
        company_image:
            uri_prefix:         /images/company
            upload_destination: %kernel.root_dir%/../../web/images/company
            inject_on_load:     false
            delete_on_update:   true
            delete_on_remove:   true
liip_imagine:
    resolvers:
       default:
          web_path: ~

    filter_sets:
        cache: ~
        my_thumb:
            quality: 75
            filters:
                thumbnail: { size: [120, 90], mode: outbound }
        720x534:
            quality: 75
            filters:
                thumbnail: { size: [720,534],  mode: outbound }
        1920x1440:
            quality: 75
            filters:
                thumbnail: { size: [1920,1440],  mode: outbound }
oneup_uploader:
    mappings:
        gallery:
            frontend: fineuploader # or any uploader you use in the frontend
            allowed_mimetypes: [image/jpeg,image/png,image/gif]
            namer:  oneup_uploader.namer.uniqid

a2lix_translation_form:
    locale_provider: default       # [1]
    locales: [bg, en]          # [1-a]
    default_locale: bg             # [1-b]
    required_locales: [bg]         # [1-c]
    manager_registry: doctrine      # [2]
    templating: "A2lixTranslationFormBundle::default.html.twig"      # [3]
swiftmailer:
    transport: '%mailer_transport%'
    host:      '%mailer_host%'
    username:  '%mailer_user%'
    password:  '%mailer_password%'
stfalcon_tinymce:
        tinymce_jquery: true
        selector: ".tinymce"
        # Get current language from the parameters.ini
        language: %locale%
        # Custom buttons
        tinymce_buttons:
            stfalcon: # Id of the first button
                title: "Stfalcon"
                image: "http://stfalcon.com/favicon.ico"
        theme:
            # Simple theme: same as default theme
            simple: ~
            # Advanced theme with almost all enabled plugins
            advanced:
                 plugins:
                     - "advlist autolink lists link image charmap print preview hr anchor pagebreak"
                     - "searchreplace wordcount visualblocks visualchars code fullscreen"
                     - "insertdatetime media nonbreaking save table contextmenu directionality"
                     - "emoticons template paste textcolor"
                 toolbar1: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
                 toolbar2: "print preview media | forecolor backcolor emoticons | stfalcon | example"
                 image_advtab: true
                 templates:
                     - {title: 'Three columns', content: '<div class="firstColumn">aaaaaa</div><div class="secondColumn">aaaaaa</div><div class="thirdColumn">ccccc</div>'}
                     - {title: 'checklist', content: '<ul><li>Chek 1</li><li>Chek 1</li></ul>'}
            # BBCode tag compatible theme (see http://www.bbcode.org/reference.php)
            bbcode:
                 plugins: ["bbcode, code, link, preview"]
                 menubar: false
                 toolbar1: "bold,italic,underline,undo,redo,link,unlink,removeformat,cleanup,code,preview"

EDIT

It was not open_basedir that was the problem... It was the first deployment of the project, so it had some problems with the paths... So the solution was to clear all the cache and give all directories the proper permissions; also, the config file needed to be tweaked a bit, basically for where the core Symfony should stay.

Solution

Please note that using 'open_basedir' directive will disable usage of 'realpath_cache'.

I've been digging for a few days till finding that out. This literally sky-rocketed my project with performance from ~1000ms to ~60ms as Symfony is heavily cache-dependent. But you must consider possible security risks...
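
A small diagnostic for the situation above, added here as an example (not code from the question or the answer): it prints the effective open_basedir value and the realpath cache state, then checks whether the directories Symfony needs fall inside the allowed paths and are writable. The `PRIVATE_DIR` folder name, the `app/cache` and `app/logs` locations and the lexical path comparison (symlinks are not resolved) are assumptions.

```php
<?php
// Added diagnostic (not from the original post). Drop it into web/ and request it
// through the web server: the CLI often runs with a different php.ini.
// Assumes POSIX paths, as in the warning quoted in the question.

/** Resolve "." and ".." lexically, so no filesystem call trips the restriction. */
function normalizePath($path)
{
    $out = array();
    foreach (explode('/', $path) as $part) {
        if ($part === '' || $part === '.') { continue; }
        if ($part === '..') { array_pop($out); continue; }
        $out[] = $part;
    }
    return '/' . implode('/', $out);
}

/** Approximate PHP's check: $path must equal or sit below one allowed directory. */
function isAllowed($path, $openBasedir)
{
    if ($openBasedir === '') { return true; } // no restriction configured
    $path = normalizePath($path);
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $entry) {
        if ($entry === '') { continue; }
        if ($entry[0] !== '/') { $entry = getcwd() . '/' . $entry; } // relative entry
        $dir = normalizePath($entry);
        if ($dir === '/' || $path === $dir || strpos($path, $dir . '/') === 0) {
            return true;
        }
    }
    return false;
}

$basedir = (string) ini_get('open_basedir');
printf("open_basedir: %s\n", $basedir === '' ? '(not set)' : $basedir);
// Zero bytes in use after PHP has resolved this script suggests the cache is inactive.
printf("realpath cache: %s configured, %d bytes in use\n",
    ini_get('realpath_cache_size'), realpath_cache_size());

// Layout taken from the question: app/ lives in a private folder one level above
// web/. PRIVATE_DIR is a placeholder; the page does not name that folder.
$app = __DIR__ . '/../PRIVATE_DIR/app';
foreach (array(__DIR__, $app, "$app/cache", "$app/logs", sys_get_temp_dir()) as $p) {
    // Touch the filesystem only for paths the restriction should let through.
    $state = !isAllowed($p, $basedir) ? 'BLOCKED by open_basedir'
        : (is_writable($p) ? 'writable' : 'missing or not writable');
    printf("%-50s %s\n", normalizePath($p), $state);
}
```

Delete the script from web/ once the paths are sorted out, since its output discloses the server's directory layout.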
