bug #40242 [ErrorHandler] Fix error caused by include + open_basedir (stlrnz)

nicolas-grekas · nicolas-grekas · commit 8113f10063af · 2021-03-16T10:08:11.000+01:00
This PR was submitted for the 5.x branch but it was merged into the 5.2 branch instead. Discussion ---------- [ErrorHandler] Fix error caused by `include` + open_basedir | Q | A | ------------- | --- | Branch? | 5.2 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | | License | MIT | Doc PR | #37492 introduced the option to specify your own error template using `HtmlErrorRenderer::setTemplate('...');` However, the implementation using `file_exists(...)` in `include` can cause an error when not setting a custom template. > php.WARNING: Warning: file_exists(): open_basedir restriction in effect. File(assets/css/error.css) is not within the allowed path(s): (...) {"exception":"[object] (ErrorException(code: 0): Warning: file_exists(): open_basedir restriction in effect. File(assets/css/error.css) is not within the allowed path(s): (...) at ...\\vendor\\symfony\\error-handler\\ErrorRenderer\\HtmlErrorRenderer.php:355)"} [] As you can see the error is caused by checking `file_exists(...)` using relative paths in environments with a restrictive `open_basedir` policy. The proposed solution always uses absolute paths to include errors templates (and other files). Commits ------- 9ad7832 [ErrorHandler] Fix error caused by `include` + open_basedir
diff --git a/src/Symfony/Component/ErrorHandler/ErrorRenderer/HtmlErrorRenderer.php b/src/Symfony/Component/ErrorHandler/ErrorRenderer/HtmlErrorRenderer.php
@@ -352,7 +352,7 @@ private function include(string $name, array $context = []): string
         extract($context, \EXTR_SKIP);
         ob_start();
 
-        include file_exists($name) ? $name : __DIR__.'/../Resources/'.$name;
+        include is_file(\dirname(__DIR__).'/Resources/'.$name) ? \dirname(__DIR__).'/Resources/'.$name : $name;
 
         return trim(ob_get_clean());
     }

Original file line number	Diff line number	Diff line change
`@@ -352,7 +352,7 @@ private function include(string $name, array $context = []): string`
`352`	`352`	`extract($context, \EXTR_SKIP);`
`353`	`353`	`ob_start();`
`354`	`354`
`355`		`- include file_exists($name) ? $name : __DIR__.'/../Resources/'.$name;`
	`355`	`+ include is_file(\dirname(__DIR__).'/Resources/'.$name) ? \dirname(__DIR__).'/Resources/'.$name : $name;`
`356`	`356`
`357`	`357`	`return trim(ob_get_clean());`
`358`	`358`	`}`