open_basedir issue on IIS 8

  • Resolved ultradust

    (@ultradust)


    11 years, 3 months ago

    When using the latest version of iThemes Security on a Windows 2012 R2 server with IIS8, everything works great as long as I leave the php.ini open_basedir setting commented out.

    Obviously, that’s no good for security. It needs to be on. But when it’s on, and when iThemes is activated, here’s the error I get:

    PHP Warning: is_readable(): open_basedir restriction in effect. File(M:\inetpub\wwwroot\sites\superduper\production/wp-content/plugins/M:\inetpub\wwwroot\sites\superduper\production\wp-content\plugins\better-wp-security/lang/it-l10n-better-wp-security-en_US.mo) is not within the allowed path(s): (M:\inetpub\wwwroot\sites\;C:\Program Files\PHP\;C:\windows\temp;) in M:\inetpub\wwwroot\sites\superduper\production\wp-includes\l10n.php on line 476

    As you can see, this plugin is obviously screwing things up by incorrectly concatenating values for the locations of items. It is probably expecting relative values from a Linux environment and hasn’t been coded correctly to be adaptable to other environments.

    I tried figuring out how the values are set in the plugin in order to manually fix it, but it’s beyond my skill level.

    How can I fix this?

    https://ww.wp.xz.cn/plugins/better-wp-security/

Viewing 6 replies - 1 through 6 (of 6 total)
  • dwinden

    (@dwinden)

    11 years, 3 months ago

    This is a known issue specific for the Windows platform. It has nothing to do with IIS8.

    In wp-content/plugins/better-wp-security/core/class-itsec-core.php file replace this line:

    load_plugin_textdomain( 'it-l10n-better-wp-security', false, trailingslashit( $itsec_globals['plugin_dir'] ) . 'lang' );

    with:

    load_plugin_textdomain( 'it-l10n-better-wp-security', false, trailingslashit( dirname( plugin_basename( $itsec_globals['plugin_file']))) . 'lang' );

    If the above info helps you resolve the issue please mark this topic as ‘resolved’.

    dwinden

    Thread Starter ultradust

    (@ultradust)

    11 years, 3 months ago

    Wow, thank you for the swift and precise help! Excellent.

    The fix you suggested wasn’t working as-is; I had to add ‘s as follows:

    load_plugin_textdomain( ”it-l10n-better-wp-security”, false, trailingslashit( dirname( plugin_basename( $itsec_globals[”plugin_file”]))) . ”lang” );

    Now it works great. Thank you for this help!

    Thread Starter ultradust

    (@ultradust)

    11 years, 3 months ago

    The plugin is great. Very useful feature set.

    Thread Starter ultradust

    (@ultradust)

    11 years, 3 months ago

    Is there any chance the plugin might be updated to accommodate Windows environments automatically, without a need to make this change manually?

    dwinden

    (@dwinden)

    11 years, 3 months ago

    As you can see in the original iTSec code line single quotes are used.
    Also throughout the whole iTSec plugin code single quotes are used.
    So you normally shouldn’t need to change that into double quotes.

    The example in the WordPress Codex is also using single quotes:

    https://codex.ww.wp.xz.cn/Function_Reference/load_plugin_textdomain

    Apparently iThemes does not test (if at all) the plugin on a Windows platform. There is another Windows specific bug present in the code.
    These bugs have been there for ages so I guess they are here to stay …

    For more info on the other bug read this topic:

    https://ww.wp.xz.cn/support/topic/files-and-folders-list-not-working

    dwinden

    dwinden

    (@dwinden)

    11 years, 2 months ago

    Fixed in 4.6.12 update.

    dwinden

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘open_basedir issue on IIS 8’ is closed to new replies.