Open_basedir issue with woocommerce gift certificates plugin

On development I’m having an issue that the woocommerce gift certificate plugin is trying to access a file outside of open_basedir restrictions. This is only on development as it’s a cache busting tactic by the plugin developers.

        if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG && file_exists( $file ) ) {
            return filemtime($file);

This is the error

Warning: file_exists(): open_basedir restriction in effect. File(/assets/dist/frontend/blocks.css) is not within the allowed path(s): (/srv/www/:/tmp) in /srv/www/ on line 212

I can of course modify the plugin code and just return a random string instead but is there any way to fix this using trellis / vagrant settings?

The plugin doesn’t have a filter for the temp folder / temp file paths?

The PHP open_basedir config is set by a jinja template (Trellis ansible):

You would have to override it so you can specify your own open_basedir values,

php_admin_value[open_basedir] = {{ php_open_basedir }}

And then set the php_open_basedir variable as with other variables, e.g. to
{{ www_root }}/:/tmp:/extra-path-the-plugin-is-hardcoded-to-use/
(The path delimiter/separator in POSIX/Linux/(here) is :).

1 Like

That error is weird because the file in the error (/assets/dist/frontend/blocks.css) is within /srv/www/ since it would in the plugin directory. Seems like it’s tripping on an absolute path being specified since it begins with a /?

Seems like a bug in that plugin if so. Even if you added a path to allow open_basedir to open it, isn’t that path just wrong?

The path does seem incorrect. I’m not certain what it should be though. Does it need to be relative to the calling php file, or correctly relative to srv/www and therefore need to know the name of the domain.

You need to find out where and how $file is set.

That is clear in the plug-in code. It sets it literally to the string shown in the error. So the asset path of the vendor plug-in folder.

I would prefer not to have to maintain a version of the plug-in just for my dev environment. Maybe I just tweak the open_basedir. But will that effect remote servers as well?

But this would only be used for development environments?
Then this wouldn’t have such a large impact as you can be more lenient how the development system can be set up.

@strarsis , yes it only executes based on the following being true. So it’s not local development specific but is specific to debug being true.

My question is, as I would prefer not to modify the plugin code, if I do modify the open_basedir settings in roles/wordpress-setup/templates/php-fpm.conf, will this also be used to configure the remote servers for staging and production, or is this only for development.

You would have to modify the php-fpm config template in Trellis so that it uses a variable (e.g. php_open_basedir) for the open_basedir option value. Then you can define the previous value as the default for the variable ({{ www_root }}/:/tmp. Finally you would set that variable to a different value just for development environment in Trellis, equally to what can be done with the other variables.

1 Like

FWIW, sometimes I end up needing to apply Composer patches to troublesome WP plugins — it can end up being the easiest and quickest solution. This way you don’t need to fork/maintain a separate plugin.


So in the end I changed the open_basedir per @strarsis comments. However, no open_basedir options would work because of the leading ‘/’ on the plugin’s path string. I’ve now patched that but thank you for all of the insight along the way!


Yes, it is better to fix a misbehaving plugin than trying to set-up the server/environment around it.
Have you created a ticket for the plugin support? This should be fixed there.