PHP Warning at menu-header.php line 118

[creativenadir]

After performing a new installation of 2.8-IIS release on machine running PHP under IIS' FastCGI, cannot access wp-admin pages; returns error "open_basedir restriction in effect..." and implicates line 118 of wp-admin/menu-header.php. Checking php.ini, I ensured that safe mode was off, commented-out the open_basedir parameter, and restarted IIS to no avail.

On a whim, I replaced line 118 with its 2.7.1 version, and the problem disappeared! Moreover, after it began working, I returned line 118 to its previous version and it continued to work without error from then on.

Version 2.8:

 if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") ) || ! empty($menu_hook) ) {

to Version 2.7.1:

if ( ( file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") && ('index.php' != $sub_item[2]) ) || ! empty($menu_hook) ) { 

[ryan]

See #10011

[peaceablewhale]

Looks like a different issue.

"(('index.php'!=$sub_item[2]) && file_exists(WP_PLUGIN_DIR."/{$sub_item[2]}"))

!empty($menu_hook))" and "(file_exists(WP_PLUGIN_DIR."/{$sub_item[2]}") && ('index.php'!=$sub_item[2]))

!empty($menu_hook)" appear the same (although the order is different).

Would you verify that the change in order has fixed the problem? Also, is the error open_basedir-related?

[peaceablewhale]

In addition, what are the versions of your PHP and IIS?

[Denis-de-Bernardy]

it might be that sub_menu contains ../ in it or something.

[ryan]

Related: [10890]

[Denis-de-Bernardy]

It's actually related to this:

​http://bugs.php.net/bug.php?id=41518

"If we remove this warning for non-existent files, it could be possible
to use file_exists() to detect which files exists (since it's perfectly
legal to print this warning when the file exists)."

[Denis-de-Bernardy]

mm, maybe not, we're talking about a fatal error, rather than a warning.

[Denis-de-Bernardy]

line 118 in r10890 mostly sought to optimize the thingy by inverting the checks, to avoid an unneeded file_exists call.

@creativenadir: please give the patch I'll attach in a sec a shot.

[peaceablewhale]

"open_basedir restriction in effect" is never a fatal error, and it is not limited to IIS I think.

To fix it, we have to either ask PHP not to report any Warning or add @ before all file_exists calls. Which method is better?

[peaceablewhale]

Actually, if error_reporting is set to E_ALL in php.ini, I can't even enter /wp-admin/... The PHP Warning blocked the access.

[peaceablewhale]

see also #7640 and #5771, which are also related to open_basedir.

Disabling PHP Warning will also fix them.

[Denis-de-Bernardy]

@peaceablewhale: the odd thing is, the patch I uploaded is what the reporter suggested fixed it for him. have you tried it in a setup similar to his?

[peaceablewhale]

I have tried the patch but it doesn't work. The PHP Warning remains blocking the Admin interface.

[peaceablewhale]

I have uploaded a patch that uses @file_exists to fix the problem. Tested it with PHP 5.2.9-2 NTS on IIS 7.5 via FastCGI.

By the way, the PHP Warning in full is:

PHP Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(C:\wwwroot\wordpress/wp-content/plugins/edit-tags.php?taxonomy=post_tag) is not within the allowed path(s): (C:\wwwroot) in C:\wwwroot\wordpress\wp-admin\menu-header.php on line 118

[peaceablewhale]

This patch (10132-disable-PHP-Warning.patch) disables PHP Warning, which fixes this report and probably also #7640 and #5771. Tested with PHP 5.2.9-2 NTS on IIS 7.5 via FastCGI as well.

[ryan]

Is it the query arg causing the problem. Maybe we should trim '/\?.*$/'.

[ryan]

Patch strips query from file names.

[peaceablewhale]

Using preg_replace('/\?.*$/',,SUBJECT) seems to have better code readability.

[peaceablewhale]

Tested 10132.2.diff on PHP 5.2.9-2, IIS 7.5 via FastCGI.

[ryan]

I was going for fast. Usually strpos and substr are faster than pregs.

[ryan]

Updated the patch to fix submenu highlighting that was broken by a variable naming collision. menu-header.php could stand a thorough cleanup, but let's save that for later.

[peaceablewhale]

Verified fixed.

[ryan]

(In [11582]) Trim query strings from menu entries before seeing if a corresponding file exists. fixes #10132 for trunk

[ryan]

[11583]