Hi,

when viewing my webform, I get 6 identical errors of the form

 warning: realpath() [function.realpath]: open_basedir restriction in effect. File(/) is not within the allowed path(s):
 (/is/htdocs/user_tmp/blabla:/tmp:/dev/null:/dev/urandom:/bin:/usr:/is/default.errors:/is/htdocs/blabla) in
 /is/htdocs/blabla/www/includes/file.inc on line 188.

where blabla is some lengthy generated path to the webspace.

Except for the occasional update, I have not changed the site recently, so I can only assume the hoster changed something.
Funny fact: It seems this error only emerges when looking at the form as admin - as less priviliged user, it looks just fine. The site is using Admin Role and Administration menu besides ~15 other modules, all up-to-date.

Similar issues have been mentioned before, but it seems they boiled down to wrong file system settings. Mine seem to be valid, though, the status page is happy. The issue seems to be that someone wants to access "/".

I like asking questions the smart way, but with this being my first Drupal issue, many things might not be obvious to me - please tell me what you need!

Cheers,
Dennis

Comments

quicksketch’s picture

quicksketch
he/him
commented

Are you using private files (under admin/settings/file-system)? I've heard a few issues around Private Files and Webform. Though it's odd that you say this happens "when viewing the webform". Just viewing the form probably shouldn't be doing that.

A similar-sounding issue was #545826: Doesn't check if folder exists in hook_file_download, which is a problem that still exists in the 2.9 version.

dlw’s picture

dlw commented

quicksketch, thanks for your answer - sorry it took me so long to get back (doesn't drupal.org have email notification?)

No, I am using the Public setting.

Are you suggesting that I should try the patch? Thing is, I have to try it on our "production" site, because the issue does not surface on my local mirror site, so I'd rather ask, if is likely to break anything.

Does the fact that it only happens to accounts with admin rights ring any kind bell? I could confirm this now over various users.

quicksketch’s picture

quicksketch
he/him
commented

Hm, I'm not sure. The only place we use file_check_location() is in the download function for private downloads. I'm assuming the form that gives you these warnings contains a file component right? Do you get this on forms that don't have a file component?

dlw’s picture

dlw commented

Ok, maybe we are getting somewhere:
The form has three files attached to it; the site uses the Core/Upload and the iTweak Upload module.

Removing one cancels two of the error messages (3 files x 2 warning = 6, adds up!), so I guess Webform might not even be the culprit. Any advice where to go from here?

Thanks,
Dennis

quicksketch’s picture

quicksketch
he/him
commented

Hm, I'd suggest turning off iTweak Upload, then see if the error goes away. If it does, then move this issue over to that queue. If it's upload.module alone, there isn't much to do about it (though I have a feeling it's not core).

dlw’s picture

dlw commented
Project: Webform » iTweak Upload
Version: 6.x-2.9 » 6.x-2.3

Spot on, it is iTweak Upload: after disabling it, there are no more error messages.

iva2k’s picture

iva2k commented
Status: Active » Postponed (maintainer needs more info)

Please check if your problem is not the duplicate of #706888: Images/thumbnails without permission are shown in the gallery view and/or still present in the latest 6.x-2.x-dev snapshot, and report here.

dlw’s picture

dlw commented
Status: Postponed (maintainer needs more info) » Fixed

The 6.x-2.x-dev snapshot from 2010-Mar-11 fixes this issue.

Thanks!

iva2k’s picture

iva2k commented
Status: Fixed » Closed (duplicate)

Duplicate of #706888: Images/thumbnails without permission are shown in the gallery view