• Resolved Rafał Całka

    (@rafaucau)


    Report Number: GKDCJQMK

    After updating LiteSpeed Cache plugin to version 7.0, Query Monitor shows numerous CSS file warnings. The plugin appears to be incorrectly handling file paths, using file content and links instead of proper server paths.

    Examples:

    app/plugins/litespeed-cache/lib/css_js_min/minify/minify.cls.php:480

    is_file(): open_basedir restriction in effect. File( :root{--wp-admin-theme-color:#007cba;--wp-admin-theme-color--rgb:0,124,186;--wp-admin-theme-color-darker-10:#006ba1;--wp-admin-theme-color-darker-10--rgb:0,107,161;--wp-admin-theme-color-darker-20:#005a87;--wp-admin-theme-color-darker-20--rgb:0,90,135;--wp-admin-border-width-focus:2px;--wp-block-synced-color:#7a00df;--wp-block-synced-color--rgb:122,0,223;--wp-bound-block-color:var(--wp-block-synced-color)}@media (min-resolution:192dpi){:root{--wp-admin-border-width-focus:1.5px}}.wp-element-button{cursor:pointer}:root{--wp--preset--font-size--normal:16px;--wp--preset--font-size--huge:42px}:root .has-very-light-gray-background-color{background-color:#eee}:root .has-very-dark-gray-background-color{background-color:#313131}:root .has-very-light-gray-color{color:#eee}:root .has-very-dark-gray-color{color:#313131}:root .has-vivid-green-cyan-to-vivid-cyan-blue-gradient-background{background:linear-gradient(135deg,#00d084,#0693e3)}:root .has-purple-crush-gradient-background{background:linear-gradient(135deg,#34e2e4,#4721fb 50%,#ab1dfe)}:root .has-hazy-dawn-gradient-background{background:linear-gradient(135deg,#faaca8,#dad0ec)}:root .has-subdued-olive-gradient-background{background:linear-gradient(135deg,#fafae1,#67a671)}:root .has-atomic-cream-gradient-background{background:linear-gradient(135deg,#fdd79a,#004a59)}:root .has-nightshade-gradient-background{background:linear-gradient(135deg,#330968,#31cdcf)}:root 
.has-midnight-gradient-background{background:linear-gradient(135deg,#020381,#2874fc)}.has-regular-font-size{font-size:1em}.has-larger-font-size{font-size:2.625em}.has-normal-font-size{font-size:var(--wp--preset--font-size--normal)}.has-huge-font-size{font-size:var(--wp--preset--font-size--huge)}.has-text-align-center{text-align:center}.has-text-align-left{text-align:left}.has-text-align-right{text-align:right}#end-resizable-editor-section{display:none}.aligncenter{clear:both}.items-justified-left{justify-content:flex-start}.items-justified-center{justify-content:center}.items-justified-right{justify-content:flex-end}.items-justified-space-between{justify-content:space-between}.screen-reader-text{border:0;clip:rect(1px,1px,1px,1px);clip-path:inset(50%);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px;word-wrap:normal!important}.screen-reader-text:focus{background-color:#ddd;clip:auto!important;clip-path:none;color:#444;display:block;font-size:1em;height:auto;left:5px;line-height:normal;padding:15px 23px 14px;text-decoration:none;top:5px;width:auto;z-index:100000}html :where(.has-border-color){border-style:solid}html :where([style*=border-top-color]){border-top-style:solid}html :where([style*=border-right-color]){border-right-style:solid}html :where([style*=border-bottom-color]){border-bottom-style:solid}html :where([style*=border-left-color]){border-left-style:solid}html :where([style*=border-width]){border-style:solid}html :where([style*=border-top-width]){border-top-style:solid}html :where([style*=border-right-width]){border-right-style:solid}html :where([style*=border-bottom-width]){border-bottom-style:solid}html :where([style*=border-left-width]){border-left-style:solid}html :where(img[class*=wp-image-]){height:auto;max-width:100%}:where(figure){margin:0 0 1em}html :where(.is-position-sticky){--wp-admin--admin-bar--position-offset:var(--wp-admin--admin-bar--height,0px)}@media screen and (max-width:600px){html 
:where(.is-position-sticky){--wp-admin--admin-bar--position-offset:0px}} ) is not within the allowed path(s): (/home/******************/******/:/home/******************/.tmp/:/***************/:/usr/local/lsws/share/autoindex:/usr/local/php/:/dev/urandom:/opt/alt/php84/usr/share/pear/:/opt/alt/php84/usr/share/php:/opt/alt/php84/)

    app/plugins/litespeed-cache/lib/css_js_min/pathconverter/converter.cls.php:61

    realpath(): open_basedir restriction in effect. File(/usr/local/lsws/fcgi-bin) is not within the allowed path(s): (/home/***************/*********/:/home/***************/.tmp/:/*********/:/usr/local/lsws/share/autoindex:/usr/local/php/:/dev/urandom:/opt/alt/php84/usr/share/pear/:/opt/alt/php84/usr/share/php:/opt/alt/php84/)	
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support litetim

    (@litetim)

    @rafaucau Hello
    Thank you for the report.
    I was able to reproduce the issue.
    For this I enabled the open_basedir restriction on the server.


    I tried optimizing the code, but would hit this limitation.
    Please contact your hosting company and tell them to disable the open_basedir restriction.

    Please keep us updated

    Thread Starter Rafał Całka

    (@rafaucau)

      @litetim I think there’s a misunderstanding about the problem. The issue isn’t that open_basedir is too restrictive – it’s that the plugin is trying to use file contents as file paths, which is incorrect behavior. This is a bug in how the plugin is handling file references in version 7.0. Disabling open_basedir would just hide the symptoms without fixing the actual problem. Could you please fix how the plugin processes CSS file references rather than asking users to disable important security features?

      Plugin Support litetim

      (@litetim)

      @rafaucau I understand your point.

      Looking at the minification code, that function runs to test if the data is a path to a local file.
      In this case your error appears because the tested code is inline, but will your site work if the file is a path?
      For example, loading a font from CSS will throw the same error:
      is_file(): open_basedir restriction in effect. File(/https://eeeee.aaaaaa.com/wp-content/themes/twentytwentyfive/assets/fonts/fira-code/FiraCode-VariableFont_wght.woff2) is not within the allowed path(s): (/usr/local/lsws/FileManager:/tmp:/home/eeee.aaaaaa.com/public_html)
      You see my point?

      I wonder if LSC works as expected for you. There are places where is_file is used: crawler, utility

      Thread Starter Rafał Całka

      (@rafaucau)

      Yes, my site works, but I’m seeing over 100 warnings in Query Monitor and Sentry that weren’t there before updating to version 7.0. The key issue appears to be that the plugin is using is_file() on URLs like https://eeeee.aaaaaa.com/… and CSS content, which will naturally fail with open_basedir restrictions since they aren’t valid server file paths.

      Plugin Support litetim

      (@litetim)

      @rafaucau I see your point and I will forward it to devs to apply a fix.
      Thank you for your report 🙂


    The topic ‘v7 – Multiple CSS file path errors’ is closed to new replies.
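
The check discussed in this thread, as an added example that is not LiteSpeed Cache code and not the fix its developers applied: screen a string that may be inline CSS, a URL or a path before passing it to is_file(), so that open_basedir can stay enabled without warnings. The function names, sample inputs and roots are constructed for illustration; the check is lexical, assumes Unix-style paths and does not resolve symlinks.

```php
<?php
// Added example, not plugin code; names and sample values are constructed.

// open_basedir roots as a list (empty when no restriction is configured).
function example_basedir_roots(): array
{
    $raw = (string) ini_get('open_basedir');
    return $raw === '' ? [] : array_values(array_filter(explode(PATH_SEPARATOR, $raw), 'strlen'));
}

// True when $data is plausibly a local path inside the allowed roots,
// i.e. is_file($data) can be called without an open_basedir warning.
function example_is_probeable_path(string $data, ?array $roots = null): bool
{
    // Inline CSS/JS: too long for a path, or contains characters paths lack.
    if ($data === '' || strlen($data) >= PHP_MAXPATHLEN) return false;
    if (strpbrk($data, "\r\n\0{};") !== false) return false;
    // URLs ("https://...", "//cdn...", "/https://...") are not server paths.
    if (preg_match('#^/?([a-z][a-z0-9+.\-]*:)?//#i', $data)) return false;

    $roots = $roots ?? example_basedir_roots();
    if ($roots === []) return true;

    // Lexical normalisation only: realpath() is itself subject to open_basedir.
    $abs = $data[0] === '/' ? $data : getcwd() . '/' . $data;
    $parts = [];
    foreach (explode('/', $abs) as $seg) {
        if ($seg === '' || $seg === '.') continue;
        if ($seg === '..') { array_pop($parts); continue; }
        $parts[] = $seg;
    }
    $norm = '/' . implode('/', $parts);
    foreach ($roots as $root) {
        $root = rtrim($root, '/');
        if ($norm === $root || str_starts_with($norm, $root . '/')) return true;
    }
    return false;
}

// Constructed inputs mirroring the cases reported in the thread.
$roots = ['/home/example/site/', '/home/example/.tmp/'];
$samples = [
    ':root{--wp-admin-theme-color:#007cba}',               // inline CSS
    '/https://example.com/wp-content/themes/x/font.woff2', // URL
    '/usr/local/lsws/fcgi-bin',                            // outside roots
    '/home/example/site/app/themes/x/../y/style.css',      // inside roots
];
foreach ($samples as $s) {
    $probe = example_is_probeable_path($s, $roots);
    printf("%-52s probe=%s\n", $s, var_export($probe, true));
}
```

A caller would write `example_is_probeable_path($data) && is_file($data)`, so only strings that pass the screen ever reach the filesystem call.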