Description
- Laravel Version: 8.83.9
- PHP Version: 7.4.29
- Database Driver & Version: -
Description:
If open_basedir is enabled on the server and Artisan:call() command called from the web, not from the console (e.g. in the controller),
the whole script fails with php error: realpath(): open_basedir restriction in effect. File(/) is not within the allowed path(s)
I've investigated the problem from my side. It comes with the update of symfony/console package from 5.3 to 5.4.
Related issue: symfony/symfony#44457
Place in the code: https://github.com/symfony/symfony/blob/d11e41be6cb23016894c564d5c2b9ef3357ecaa7/src/Symfony/Component/Console/Command/DumpCompletionCommand.php#L44
Since 5.4 version it calls realpath($_['PHP_SELF']) inside. Everything works well if it's called from console.
But if make Artisan:call from web, then PHP_SELF returns "/". It works also ok until open_basedir is disabled.
But when the restrictions are enabled, it fails with the error, because "/" path is not allowed.
Steps To Reproduce:
- Prepare server with php 7.4.29 and latest laravel 8.
- Enable open_basedir on the server with some directory enabled (e.g. /var/www).
- Add following code to the controller:
\Artisan:call('cache:clear'); - Open the page with the controller and see the result.