Sanity check failed for source: Path is outside allowed path

  • Resolved schnorz

    (@schnorz)


    5 years, 5 months ago

    Hi after latest update most pictures on my site are not loading any more. I found a .htaccess file in patch wp-content with only webp in it.

    After deleting the file everything was working normally.

    I tried to restore old file .htaccess from older version of webp – but got me same error.

    Now i have webp disabled but would like to continue use. Any hints?

    Thanks schnorz

Viewing 15 replies - 31 through 45 (of 46 total)

  • Hi! I just made upgrade from 0.14.3 to 0.14.15 and after deleting converted files Conversion tests show:
    Result: Failure
    Message: Sanitation check failed for configuration file:

    Please advise a solution.
    Thanks jerzykre

    Plugin Author rosell.dk

    (@roselldk)

    Yes, have been working on that one today! I just released 0.14.16. Let me know if that fixes it.

    Yes! It works in 0.14.16. Thank you!

    Hi again, I found that after save settings a message appear:
    WebP Express Settings
    Configuration saved.
    Rewrite rules were saved to your .htaccess in your wp-content folder..
    Convert test image (show debug)
    Convert test image

    Any of these tests leads to an error 403:
    You have no privilage to /wp-content/plugins/webp-express/test/test.jpg?1561639911 on this server

    By the way, this test.jpg does not exist on the server.
    Best regards

    Plugin Author rosell.dk

    (@roselldk)

    Ok, but otherwise things are working fine?

    I guess I should simply remove the links then!

    Yes, it is only one issue I found.

    Hi! I have problem with 0.14.16 version. When I try to convert uploaded files, they become empty.
    During testing (cwebp, Gd extension, Remote) I get an error:

    Sanitation check failed for destination: Not an absolute pathC:\laragon\www\project\wp-content/webp-express/webp-images/doc-root/re\\wp-content\\plugins\\webp-express/test/test-pattern-tv.jpg.webp

    0.13.2 works great on the same server, but other project.

    Plugin Author rosell.dk

    (@roselldk)

    Ok, its the Windows path that is not recognized as an absolute path.
    I shall relax the sanity check to allow path to start with [drive letter]:\ on Windows, where drive letter can be A-Z. Please let me know if this needs further relaxing for Windows

    Created an issue for it here: https://github.com/rosell-dk/webp-express/issues/293

    • This reply was modified 5 years, 5 months ago by rosell.dk.
    Plugin Author rosell.dk

    (@roselldk)

    Fix just released in 0.14.17

    Thanks, but there is still an error:

    Sanitation check failed for destination: Path is outside document root

    That’s it, no path here.

    • This reply was modified 5 years, 5 months ago by dikoo. Reason: Typo
    Plugin Author rosell.dk

    (@roselldk)

    Ok.
    I unfortunately don’t have much more time before vacation.
    I hope someone can help out here.

    I had to make a lot of sanity checks in order for the plugin to be secure and get it reactivated. Many of these are creating problems.

    All these checks are done in the file lib/classes/SanityCheck.php

    We have for example this check which checks if a path is inside a base folder:

    
    public static function pathBeginsWith($input, $beginsWith, $errorMsg = 'Path is outside allowed path')
    {
        self::path($input);
        if (!(strpos($input, $beginsWith) === 0)) {
            throw new SanityException($errorMsg);
        }
        return $input;
    }

    To disable the test (your own responsibility! – these checks are here for security purposes), simply return $input in the first line:

    Notice that such a change will be overridden on the next plugin update. Unless I find someone to maintain while I’m on vacation, there will be no updates between 30th May and the end of July

    
    public static function pathBeginsWith($input, $beginsWith, $errorMsg = 'Path is outside allowed path')
    {
        // bypass check!
        return $input;

        self::path($input);
        if (!(strpos($input, $beginsWith) === 0)) {
            throw new SanityException($errorMsg);
        }
        return $input;
    }

    A better idea is to find out more about why it fails.
    To debug, you could for example change the function to:

    
    public static function pathBeginsWith($input, $beginsWith, $errorMsg = 'Path is outside allowed path')
    {
        self::path($input);
        if (!(strpos($input, $beginsWith) === 0)) {
            $errorMsg .= '. Path checked:' . $input . '. It does not begin with:' . 
$beginsWith
            throw new SanityException($errorMsg);
        }
        return $input;
    }

    I shall return to this issue in ~3 hours

    • This reply was modified 5 years, 5 months ago by rosell.dk.
    • This reply was modified 5 years, 5 months ago by rosell.dk.
    Plugin Author rosell.dk

    (@roselldk)

    I hope that you guys will help each other out while I’m away. Leaving Sunday at noon (but probably will not have time to do anything Sunday).

    Again: If someone is interested in maintaining WebP Express while I’m away, it would be a relief!

    Having the same issue with the latest. Version 0.14.21 Under conversion method click test and all test methods result in failure reason:Sanitation check failed for destination: Path is outside document root.

    Marco

    (@marcoherzog)

    Same for me: Path is outside document root.
    Need to use symlinks for Capistrano-shared folder.
    (Works fine with a normal folder.)
    Version 0.14.22

    Plugin Author rosell.dk

    (@roselldk)

    Hi,

    I hope to have this resolved in the next release, which will be in a couple of work days from now.

Viewing 15 replies - 31 through 45 (of 46 total)
  • The topic ‘Sanity check failed for source: Path is outside allowed path’ is closed to new replies.