View Issue Details

IDProjectCategoryView StatusLast Update
0010972mantisbtsignuppublic2014-12-08 00:34
ReporterrafiAssigned Tograngeway 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.0rc1 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0010972: openbase_dir breaks captcha generation
Description

When accessing the signup page (on my local mantis), the captcha is not displayed and no error message is displayed\logged.

Additional Information

I saved the generated captcha JPEG (http://mantis/make_captcha_img.php?public_key=1) to a file. The file begins with the following error message so the JPG is broken and cannot be displayed:

<p style="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/corefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)

<p style=
"color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/truetype/msttcorefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)

<p st
yle="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/msttcorefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)

<p style="
color:red">SYSTEM WARNING: is_readable() [<a href='function.is-readable'>function.is-readable</a>]: open_basedir restriction in effect. File(/usr/share/fonts/truetype/arial.ttf) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)

TagsNo tags attached.

Relationships

child of 0016565 closedgrangeway Implement new captcha library 

Activities

rafi

rafi

2009-09-22 09:00

reporter   ~0023012

Severity major because it blocks any new signup.

alderschwede

alderschwede

2010-04-03 08:56

reporter   ~0025006

Last edited: 2010-04-03 08:57

View 2 revisions

Hi, this is exactly what I have here now. Are there any news about this?
Anything I can do/try?

I got 1.2.0 final on a shared hosting platform.

dhx

dhx

2010-04-04 05:55

reporter   ~0025016

open_basedir is a PHP configuration option that limits all file system related functions of PHP to only work within a specific base directory.

On a shared host, open_basedir might be /var/www/{customerid}/ and thus you'll be unable to access any files on the server outside of /var/www/{customerid}. This means you'd need to copy fonts, system binaries and so forth somewhere into /var/www/{customerid} in order to use them.

I think we may need to introduce a new $g_font_path configuration option to MantisBT to solve not only this problem... but problems with the MantisGraph core plugin as well.

djSupport

djSupport

2010-09-07 04:54

reporter   ~0026607

Or surely use a system like PHPBB's because that works from the start!or use another captcha system thats free http://www.google.com/recaptcha/captcha

vvs

vvs

2011-06-10 06:25

reporter   ~0028966

I have experienced the same issue in an unusual way. Posting here so that others can find this solution.

I inserted /usr/share/fonts in the open_basedir but still had the jpeg starting with:
<p style="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/corefonts/) is not within the allowed path(s): (/usr/share/php5/:/usr/share/php/:/var/www:/tmp/:/usr/share/fonts/).
My open_basedir contained /usr/share/fonts and I still had the corrupted jpeg.

The reason was that I didn't have the /usr/share/fonts dir at all.
mkdir /usr/share/fonts solved the issue.

sgraf

sgraf

2012-05-09 07:52

reporter   ~0031781

Last edited: 2012-05-09 07:53

View 2 revisions

Possible workaround:

To fix the problem I added a fonts folder within my Mantis installation root, added the ARIAL.TTF font file inside that folder and then added a $g_system_font_folder variable to the mantis configuration file config_inc.php to point to the fonts folder.

Post explaining it in detail here: http://blog.suncrescent.net/2012/05/mantis-captcha-open_basedir-error/

richieboo

richieboo

2012-07-06 12:11

reporter   ~0032265

Thanks sgraf! Your workaround fixed my problem.

dregad

dregad

2013-11-01 06:50

developer   ~0038413

Marked as resolved following grangeway's implementation of securimage captcha library, as per his commit comment.

Feel free to reopen if you find that the original issue persists.

govind

govind

2013-12-01 22:04

reporter   ~0038679

sdfgdf

Related Changesets

MantisBT: master 8dd28f84

2013-10-15 16:02:42

Paul Richards

Details Diff
New Feature: replace captcha library with open source library. Adds audio support to captcha for accessibility [requires flash on client]

Ported from master-2.x branch

Resolves (Part or all) of bugs:

0010972: openbase_dir breaks captcha generation
0008796: The letters in the catchpa on account creation page are too small
0010976: Remove instances of pass-by-reference (deprecated in PHP 5.3.0)
0010028: Registrations by bots via captcha exploit
0008462: Captcha will benefit supporting other than jpeg format
0008129: Alternative to captchas
mod - core/print_api.php Diff File
mod - library/README.libs Diff File
add - library/securimage/AHGBold.ttf Diff File
add - library/securimage/LICENSE.txt Diff File
add - library/securimage/README.FONT.txt Diff File
add - library/securimage/README.txt Diff File
add - library/securimage/WavFile.php Diff File
add - library/securimage/audio/en/0.wav Diff File
add - library/securimage/audio/en/1.wav Diff File
add - library/securimage/audio/en/10.wav Diff File
add - library/securimage/audio/en/11.wav Diff File
add - library/securimage/audio/en/12.wav Diff File
add - library/securimage/audio/en/13.wav Diff File
add - library/securimage/audio/en/14.wav Diff File
add - library/securimage/audio/en/15.wav Diff File
add - library/securimage/audio/en/16.wav Diff File
add - library/securimage/audio/en/17.wav Diff File
add - library/securimage/audio/en/18.wav Diff File
add - library/securimage/audio/en/19.wav Diff File
add - library/securimage/audio/en/2.wav Diff File
add - library/securimage/audio/en/20.wav Diff File
add - library/securimage/audio/en/3.wav Diff File
add - library/securimage/audio/en/4.wav Diff File
add - library/securimage/audio/en/5.wav Diff File
add - library/securimage/audio/en/6.wav Diff File
add - library/securimage/audio/en/7.wav Diff File
add - library/securimage/audio/en/8.wav Diff File
add - library/securimage/audio/en/9.wav Diff File
add - library/securimage/audio/en/A.wav Diff File
add - library/securimage/audio/en/B.wav Diff File
add - library/securimage/audio/en/C.wav Diff File
add - library/securimage/audio/en/D.wav Diff File
add - library/securimage/audio/en/E.wav Diff File
add - library/securimage/audio/en/F.wav Diff File
add - library/securimage/audio/en/G.wav Diff File
add - library/securimage/audio/en/H.wav Diff File
add - library/securimage/audio/en/I.wav Diff File
add - library/securimage/audio/en/J.wav Diff File
add - library/securimage/audio/en/K.wav Diff File
add - library/securimage/audio/en/L.wav Diff File
add - library/securimage/audio/en/M.wav Diff File
add - library/securimage/audio/en/MINUS.wav Diff File
add - library/securimage/audio/en/N.wav Diff File
add - library/securimage/audio/en/O.wav Diff File
add - library/securimage/audio/en/P.wav Diff File
add - library/securimage/audio/en/PLUS.wav Diff File
add - library/securimage/audio/en/Q.wav Diff File
add - library/securimage/audio/en/R.wav Diff File
add - library/securimage/audio/en/S.wav Diff File
add - library/securimage/audio/en/T.wav Diff File
add - library/securimage/audio/en/TIMES.wav Diff File
add - library/securimage/audio/en/U.wav Diff File
add - library/securimage/audio/en/V.wav Diff File
add - library/securimage/audio/en/W.wav Diff File
add - library/securimage/audio/en/X.wav Diff File
add - library/securimage/audio/en/Y.wav Diff File
add - library/securimage/audio/en/Z.wav Diff File
add - library/securimage/audio/en/error.wav Diff File
add - library/securimage/audio/noise/check-point-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-6.wav Diff File
add - library/securimage/audio/noise/crowd-talking-7.wav Diff File
add - library/securimage/audio/noise/kids-playing-1.wav Diff File
add - library/securimage/backgrounds/bg3.jpg Diff File
add - library/securimage/backgrounds/bg4.jpg Diff File
add - library/securimage/backgrounds/bg5.jpg Diff File
add - library/securimage/backgrounds/bg6.png Diff File
add - library/securimage/captcha.html Diff File
add - library/securimage/database/.htaccess Diff File
add - library/securimage/database/index.html Diff File
add - library/securimage/database/securimage.sq3 Diff File
add - library/securimage/example_form.ajax.php Diff File
add - library/securimage/example_form.php Diff File
add - library/securimage/images/audio_icon.png Diff File
add - library/securimage/images/refresh.png Diff File
add - library/securimage/securimage.php Diff File
add - library/securimage/securimage_play.php Diff File
add - library/securimage/securimage_play.swf Diff File
add - library/securimage/securimage_show.php Diff File
add - library/securimage/words/words.txt Diff File
rm - make_captcha_img.php Diff File
mod - signup.php Diff File
mod - signup_page.php Diff File

Issue History

Date Modified Username Field Change
2009-09-22 09:00 rafi New Issue
2009-09-22 09:00 rafi Note Added: 0023012
2010-04-03 08:56 alderschwede Note Added: 0025006
2010-04-03 08:57 alderschwede Note Edited: 0025006 View Revisions
2010-04-04 05:55 dhx Note Added: 0025016
2010-04-04 05:55 dhx Status new => confirmed
2010-04-04 05:56 dhx Target Version => 1.2.2
2010-04-21 09:14 jreese Target Version 1.2.1 => 1.2.2
2010-07-29 10:41 jreese Target Version 1.2.2 => 1.2.3
2010-09-07 04:54 djSupport Note Added: 0026607
2010-09-14 10:55 jreese Target Version 1.2.3 => 1.2.4
2010-12-14 21:05 jreese Target Version 1.2.4 => 1.2.5
2011-04-05 12:25 jreese Target Version 1.2.5 => 1.2.6
2011-06-10 06:25 vvs Note Added: 0028966
2011-07-26 09:53 jreese Target Version 1.2.6 => 1.2.7
2011-08-22 10:49 jreese Target Version 1.2.7 => 1.2.8
2011-09-06 10:33 jreese Target Version 1.2.8 => 1.2.9
2012-03-04 09:23 atrol Target Version 1.2.9 => 1.2.10
2012-04-02 02:33 atrol Target Version 1.2.10 => 1.2.11
2012-05-09 07:52 sgraf Note Added: 0031781
2012-05-09 07:53 sgraf Note Edited: 0031781 View Revisions
2012-06-06 23:54 jreese Target Version 1.2.11 => 1.2.12
2012-07-06 12:11 richieboo Note Added: 0032265
2012-11-10 19:04 dregad Target Version 1.2.12 => 1.2.13
2013-01-22 09:48 dregad Target Version 1.2.13 => 1.2.14
2013-01-29 09:28 dregad Target Version 1.2.14 => 1.2.15
2013-04-12 09:57 dregad Target Version 1.2.15 => 1.2.16
2013-11-01 06:44 dregad Relationship added child of 0016565
2013-11-01 06:45 dregad Changeset attached => MantisBT master 8dd28f84
2013-11-01 06:47 dregad Status confirmed => resolved
2013-11-01 06:47 dregad Fixed in Version => 1.3.0-beta.1
2013-11-01 06:47 dregad Resolution open => fixed
2013-11-01 06:47 dregad Assigned To => dregad
2013-11-01 06:48 dregad Status resolved => assigned
2013-11-01 06:48 dregad Assigned To dregad => grangeway
2013-11-01 06:48 dregad Status assigned => resolved
2013-11-01 06:49 dregad Target Version 1.2.16 => 1.3.0-beta.1
2013-11-01 06:50 dregad Note Added: 0038413
2013-12-01 22:04 govind Note Added: 0038679
2014-12-08 00:34 vboctor Status resolved => closed