View Issue Details

IDProjectCategoryView StatusLast Update
0010972mantisbtsignuppublic2014-12-08 00:34
Reporterrafi Assigned Tograngeway  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.0rc1 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0010972: openbase_dir breaks captcha generation
Description

When accessing the signup page (on my local mantis), the captcha is not displayed and no error message is displayed\logged.

Additional Information

I saved the generated captcha JPEG (http://mantis/make_captcha_img.php?public_key=1) to a file. The file begins with the following error message so the JPG is broken and cannot be displayed:

<p style="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/corefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)</p><p style=
"color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/truetype/msttcorefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)</p><p st
yle="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/msttcorefonts/) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)</p><p style="
color:red">SYSTEM WARNING: is_readable() [<a href='function.is-readable'>function.is-readable</a>]: open_basedir restriction in effect. File(/usr/share/fonts/truetype/arial.ttf) is not within the allowed path(s): (/usr/share/php5:/usr/share/php:/var/www:/tmp)</p>

TagsNo tags attached.

Relationships

child of 0016565 closedgrangeway Implement new captcha library 

Activities

rafi

rafi

2009-09-22 09:00

reporter   ~0023012

Severity major because it blocks any new signup.

alderschwede

alderschwede

2010-04-03 08:56

reporter   ~0025006

Last edited: 2010-04-03 08:57

Hi, this is exactly what I have here now. Are there any news about this?
Anything I can do/try?

I got 1.2.0 final on a shared hosting platform.

dhx

dhx

2010-04-04 05:55

reporter   ~0025016

open_basedir is a PHP configuration option that limits all file system related functions of PHP to only work within a specific base directory.

On a shared host, open_basedir might be /var/www/{customerid}/ and thus you'll be unable to access any files on the server outside of /var/www/{customerid}. This means you'd need to copy fonts, system binaries and so forth somewhere into /var/www/{customerid} in order to use them.

I think we may need to introduce a new $g_font_path configuration option to MantisBT to solve not only this problem... but problems with the MantisGraph core plugin as well.

djSupport

djSupport

2010-09-07 04:54

reporter   ~0026607

Or surely use a system like PHPBB's because that works from the start!or use another captcha system thats free http://www.google.com/recaptcha/captcha

vvs

vvs

2011-06-10 06:25

reporter   ~0028966

I have experienced the same issue in an unusual way. Posting here so that others can find this solution.

I inserted /usr/share/fonts in the open_basedir but still had the jpeg starting with:
<p style="color:red">SYSTEM WARNING: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/usr/share/fonts/corefonts/) is not within the allowed path(s): (/usr/share/php5/:/usr/share/php/:/var/www:/tmp/:/usr/share/fonts/).
My open_basedir contained /usr/share/fonts and I still had the corrupted jpeg.

The reason was that I didn't have the /usr/share/fonts dir at all.
mkdir /usr/share/fonts solved the issue.

sgraf

sgraf

2012-05-09 07:52

reporter   ~0031781

Last edited: 2012-05-09 07:53

Possible workaround:

To fix the problem I added a fonts folder within my Mantis installation root, added the ARIAL.TTF font file inside that folder and then added a $g_system_font_folder variable to the mantis configuration file config_inc.php to point to the fonts folder.

Post explaining it in detail here: http://blog.suncrescent.net/2012/05/mantis-captcha-open_basedir-error/

richieboo

richieboo

2012-07-06 12:11

reporter   ~0032265

Thanks sgraf! Your workaround fixed my problem.

dregad

dregad

2013-11-01 06:50

developer   ~0038413

Marked as resolved following grangeway's implementation of securimage captcha library, as per his commit comment.

Feel free to reopen if you find that the original issue persists.

govind

govind

2013-12-01 22:04

reporter   ~0038679

sdfgdf

Related Changesets

MantisBT: master 8dd28f84

2013-10-15 12:02

Paul Richards


Details Diff
New Feature: replace captcha library with open source library. Adds audio support to captcha for accessibility [requires flash on client]

Ported from master-2.x branch

Resolves (Part or all) of bugs:

0010972: openbase_dir breaks captcha generation
0008796: The letters in the catchpa on account creation page are too small
0010976: Remove instances of pass-by-reference (deprecated in PHP 5.3.0)
0010028: Registrations by bots via captcha exploit
0008462: Captcha will benefit supporting other than jpeg format
0008129: Alternative to captchas
Affected Issues
0008129, 0008462, 0008796, 0010028, 0010972, 0010976, 0016565
mod - core/print_api.php Diff File
mod - library/README.libs Diff File
add - library/securimage/AHGBold.ttf Diff File
add - library/securimage/LICENSE.txt Diff File
add - library/securimage/README.FONT.txt Diff File
add - library/securimage/README.txt Diff File
add - library/securimage/WavFile.php Diff File
add - library/securimage/audio/en/0.wav Diff File
add - library/securimage/audio/en/1.wav Diff File
add - library/securimage/audio/en/10.wav Diff File
add - library/securimage/audio/en/11.wav Diff File
add - library/securimage/audio/en/12.wav Diff File
add - library/securimage/audio/en/13.wav Diff File
add - library/securimage/audio/en/14.wav Diff File
add - library/securimage/audio/en/15.wav Diff File
add - library/securimage/audio/en/16.wav Diff File
add - library/securimage/audio/en/17.wav Diff File
add - library/securimage/audio/en/18.wav Diff File
add - library/securimage/audio/en/19.wav Diff File
add - library/securimage/audio/en/2.wav Diff File
add - library/securimage/audio/en/20.wav Diff File
add - library/securimage/audio/en/3.wav Diff File
add - library/securimage/audio/en/4.wav Diff File
add - library/securimage/audio/en/5.wav Diff File
add - library/securimage/audio/en/6.wav Diff File
add - library/securimage/audio/en/7.wav Diff File
add - library/securimage/audio/en/8.wav Diff File
add - library/securimage/audio/en/9.wav Diff File
add - library/securimage/audio/en/A.wav Diff File
add - library/securimage/audio/en/B.wav Diff File
add - library/securimage/audio/en/C.wav Diff File
add - library/securimage/audio/en/D.wav Diff File
add - library/securimage/audio/en/E.wav Diff File
add - library/securimage/audio/en/F.wav Diff File
add - library/securimage/audio/en/G.wav Diff File
add - library/securimage/audio/en/H.wav Diff File
add - library/securimage/audio/en/I.wav Diff File
add - library/securimage/audio/en/J.wav Diff File
add - library/securimage/audio/en/K.wav Diff File
add - library/securimage/audio/en/L.wav Diff File
add - library/securimage/audio/en/M.wav Diff File
add - library/securimage/audio/en/MINUS.wav Diff File
add - library/securimage/audio/en/N.wav Diff File
add - library/securimage/audio/en/O.wav Diff File
add - library/securimage/audio/en/P.wav Diff File
add - library/securimage/audio/en/PLUS.wav Diff File
add - library/securimage/audio/en/Q.wav Diff File
add - library/securimage/audio/en/R.wav Diff File
add - library/securimage/audio/en/S.wav Diff File
add - library/securimage/audio/en/T.wav Diff File
add - library/securimage/audio/en/TIMES.wav Diff File
add - library/securimage/audio/en/U.wav Diff File
add - library/securimage/audio/en/V.wav Diff File
add - library/securimage/audio/en/W.wav Diff File
add - library/securimage/audio/en/X.wav Diff File
add - library/securimage/audio/en/Y.wav Diff File
add - library/securimage/audio/en/Z.wav Diff File
add - library/securimage/audio/en/error.wav Diff File
add - library/securimage/audio/noise/check-point-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-6.wav Diff File
add - library/securimage/audio/noise/crowd-talking-7.wav Diff File
add - library/securimage/audio/noise/kids-playing-1.wav Diff File
add - library/securimage/backgrounds/bg3.jpg Diff File
add - library/securimage/backgrounds/bg4.jpg Diff File
add - library/securimage/backgrounds/bg5.jpg Diff File
add - library/securimage/backgrounds/bg6.png Diff File
add - library/securimage/captcha.html Diff File
add - library/securimage/database/.htaccess Diff File
add - library/securimage/database/index.html Diff File
add - library/securimage/database/securimage.sq3 Diff File
add - library/securimage/example_form.ajax.php Diff File
add - library/securimage/example_form.php Diff File
add - library/securimage/images/audio_icon.png Diff File
add - library/securimage/images/refresh.png Diff File
add - library/securimage/securimage.php Diff File
add - library/securimage/securimage_play.php Diff File
add - library/securimage/securimage_play.swf Diff File
add - library/securimage/securimage_show.php Diff File
add - library/securimage/words/words.txt Diff File
rm - make_captcha_img.php Diff
mod - signup.php Diff File
mod - signup_page.php Diff File