Thanks for maintaining this library and for the work you’ve put into it. It’s been very useful for us, and I appreciate you taking the time to review this issue.
Description
The PDF signing process fails when application debug mode is enabled due to a PHP warning raised inside the JSignPDF PHP wrapper.
Warning: file_exists(): open_basedir restriction in effect.
File(/var/www/vhosts/somedomain.com/jsignpdf/JSignPdf.jar/.jsignpdf_version_jsignpdf-2.3.0.zip)
is not within the allowed path(s): (/var/www/vhosts/somedomain.com/:/tmp/)
This warning causes the signing process to fail when PHP is in a strict mode.
According to the README, the following configuration is documented:
$param->setjSignPdfJarPath('/path/to/jsignpdf');
This suggests that a directory should be provided.
But, in practice:
Passing a directory (e.g. /var/www/vhosts/somedomain.com/jsignpdf) results in:
Error: Invalid or corrupt jarfile /var/www/vhosts/somedomain.com/jsignpdf
This indicates that the value passed to setjSignPdfJarPath() must point to the JAR file itself.
Passing the JAR file path works correctly but only when debug mode is disabled.
$param->setjSignPdfJarPath('/var/www/vhosts/somedomain.com/jsignpdf/JSignPdf.jar');
While investigating, I found that in
src/Runtime/JSignPdfRuntimeService.php, method validateVersion(), the value returned by getJSignPdfPath() is treated as a directory:
$versionCacheFile = $jsignPdfPath . '/.jsignpdf_version_' . basename($params->getJSignPdfDownloadUrl());
When $jsignPdfPath is a JAR file path, this produces an invalid filesystem path such as:
/path/to/JSignPdf.jar/.jsignpdf_version_...
PHP triggers a file_exists() warning, which breaks execution when strict error handling is enabled.
Working fix
Proof fix, which works for me
Changing the above line to use the parent directory resolves the issue completely:
$versionCacheFile = \dirname($jsignPdfPath) . '/.jsignpdf_version_' . basename($params->getJSignPdfDownloadUrl());
Please clarify or enforce whether setjSignPdfJarPath() expects a directory or a JAR file, and handle runtime/cache paths accordingly.
Thanks for maintaining this library and for the work you’ve put into it. It’s been very useful for us, and I appreciate you taking the time to review this issue.
Description
The PDF signing process fails when application debug mode is enabled due to a PHP warning raised inside the JSignPDF PHP wrapper.
Warning: file_exists(): open_basedir restriction in effect.
File(/var/www/vhosts/somedomain.com/jsignpdf/JSignPdf.jar/.jsignpdf_version_jsignpdf-2.3.0.zip)
is not within the allowed path(s): (/var/www/vhosts/somedomain.com/:/tmp/)
This warning causes the signing process to fail when PHP is in a strict mode.
According to the README, the following configuration is documented:
$param->setjSignPdfJarPath('/path/to/jsignpdf');This suggests that a directory should be provided.
But, in practice:
Passing a directory (e.g. /var/www/vhosts/somedomain.com/jsignpdf) results in:
Error: Invalid or corrupt jarfile /var/www/vhosts/somedomain.com/jsignpdf
This indicates that the value passed to setjSignPdfJarPath() must point to the JAR file itself.
Passing the JAR file path works correctly but only when debug mode is disabled.
$param->setjSignPdfJarPath('/var/www/vhosts/somedomain.com/jsignpdf/JSignPdf.jar');While investigating, I found that in
src/Runtime/JSignPdfRuntimeService.php, method validateVersion(), the value returned by getJSignPdfPath() is treated as a directory:
$versionCacheFile = $jsignPdfPath . '/.jsignpdf_version_' . basename($params->getJSignPdfDownloadUrl());When $jsignPdfPath is a JAR file path, this produces an invalid filesystem path such as:
/path/to/JSignPdf.jar/.jsignpdf_version_...
PHP triggers a file_exists() warning, which breaks execution when strict error handling is enabled.
Working fix
Proof fix, which works for me
Changing the above line to use the parent directory resolves the issue completely:
$versionCacheFile = \dirname($jsignPdfPath) . '/.jsignpdf_version_' . basename($params->getJSignPdfDownloadUrl());Please clarify or enforce whether setjSignPdfJarPath() expects a directory or a JAR file, and handle runtime/cache paths accordingly.