File (x) is not within the allowed path

I am using the woo theme. I runs smoothly locally. When I upload to a production server I get this message for images directly linked from the content:

Whoops \ Exception \ ErrorException (E_WARNING)
file_exists(): open_basedir restriction in effect. File(/customers/f/6/ bilde.png) is not within the allowed path(s): (/customers/f/6/0/ ttpd.private:/customers/f/6/0/

The ‘0’ have been removed from the path so the path is not valid. Seems to be a problem with the URL conversion.

Your server has open_basedir settings that are causing the problems. See this:

Thank you for your quick reply. I think the open_basedir setting is ok. The file I am referring lays within the basedir, see path above. The problem is the getgrav code seems to be removing a zero in the path. Accessing images through frontmatter/twig template works, but accessing directly from content like this causes the error.

One workaround is to address the image with its full and absolute www url, but that means I need to update the code when changing from local to production environments, and using a relative path is always preferable of course.

Regarding the production server’s open_basedir settings: I don’t think I can control that.

Are you sure it’s not some rewrite rule on your end? Grav is not doing any specific rewrites of URLs unless you set something up in the your webserver or in the rewrite options of site.yaml

I am using the default .htaccess file provided by the theme, keeping all those rewrite rules, only changing the “RewriteBase” line to point to the actual sub directory. I have no rewrite options in site.yaml. Anyway, the problem is in path as far as I can tell.

I replaced the image line to a standard html src img line and then it works. So the issue is no longer stopping me. Thanks for your help.

I was hit hard by this issue again today. I made a workaround by changing Grav/Util:normalizePath to do nothing. I cannot read php code so I am not able to explain exactly what goes wrong. Cannot see how this function can remove a zero from the path.

Please tell me if you think this workaround has any adverse side effects. My pages seems to work as they should. I can post an issue if you like.

Hi @haralduna, currently I have no Grav install to test, but in my eyes you definitely found a bug in the function you mentioned above. Please create an issue. The reason is that at line 333 empty('0') returns true, which is obviously wrong. A fix might be to change L333 with

if (($segment == '.') || strlen($segment) == 0) {

Can you try that and attach the fix to your issue?

Can confirm that the fix works (tried locally and on production server). Will create an issue later today.