Closed
Horizon Version
5.24.3
Laravel Version
10.48.10
PHP Version
8.2.18
Redis Driver
PhpRedis
Redis Version
6.0
Database Driver & Version
Mysql 8.0
Description
This recent update broke access to the dashboard when using open_basedir ini values.
It seems to be trying to access a nonexistent file in the root of the server. For security purposes we don't allow PHP access outside of the project.
Steps To Reproduce
- Set open_basedir to /var/www:/tmp in php.ini, or whatever paths your Laravel project is in
- Go to /horizon/dashboard
It seems to be loading in the root of the server, under the /vendor path:
[previous exception] [object] (ErrorException(code: 0): is_file(): open_basedir restriction in effect. File(/vendor/horizon/nonExistentFile) is not within the allowed path(s): (/var/www:/tmp) at /var/www/laravel/vendor/laravel/framework/src/Illuminate/Foundation/Vite.php:794)
[stacktrace]
#0 /var/www/laravel/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(255): Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(2, 'is_file(): open...', '/var/www/larave...', 794)
#1 [internal function]: Illuminate\\Foundation\\Bootstrap\\HandleExceptions->Illuminate\\Foundation\\Bootstrap\\{closure}(2, 'is_file(): open...', '/var/www/accoun...', 794)
#2 /var/www/laravel/vendor/laravel/framework/src/Illuminate/Foundation/Vite.php(794): is_file('/vendor/horizon...')
#3 /var/www/laravel/vendor/laravel/framework/src/Illuminate/Foundation/Vite.php(669): Illuminate\\Foundation\\Vite->isRunningHot()
It should try to load /var/www/laravel/vendor/horizon/nonExistentFile, not /vendor/horizon/nonExistentFile
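The failure mode in this report can be reproduced outside Laravel. The following is an added example, not code from the issue, Horizon or Laravel: it assumes it is run from the PHP CLI with no open_basedir already configured, the error handler stands in for the warning-to-exception conversion visible in the stack trace, and `probe()` is a hypothetical helper.

```php
<?php
// Added illustration: why is_file() on a root-relative path fails under open_basedir.
// Assumption: the directory holding this script plays the role of /var/www/laravel.
$projectRoot = __DIR__;
$allowed = $projectRoot . PATH_SEPARATOR . sys_get_temp_dir();

// open_basedir can be tightened at runtime; this fails if php.ini already
// restricts it to paths that do not contain $projectRoot.
if (ini_set('open_basedir', $allowed) === false) {
    fwrite(STDERR, "could not set open_basedir\n");
    exit(1);
}

// Stand-in for the framework's handler: promote warnings to ErrorException.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Hypothetical helper: report what is_file() does for a given path.
function probe(string $path): string
{
    try {
        return is_file($path) ? 'exists' : 'missing, no warning';
    } catch (ErrorException $e) {
        return 'ErrorException: ' . $e->getMessage();
    }
}

// Path taken from the report: it starts at the filesystem root, so it is
// outside every allowed directory and PHP raises an E_WARNING (severity 2).
$reported = '/vendor/horizon/nonExistentFile';
echo $reported, ' => ', probe($reported), PHP_EOL;

// The same suffix anchored to the project root stays inside open_basedir;
// a missing file there simply returns false.
$anchored = $projectRoot . $reported;
echo $anchored, ' => ', probe($anchored), PHP_EOL;
```

The first probe fails even though the file does not exist, because the open_basedir check runs on the path itself before any existence test, so the restriction can stay in place and the fix is for the path to be built from the project root.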