I have a couple of issues upgrading a plugin
-
When I goto Administration → Settings Wizard → Plugins → Plugin Gallery I see there is e.g an update available for [ORCiD Profile] - Can be upgraded
If I click on that plugin a dialog pops-up with the button [Upgrade]
The another popup appears with [Are you sure you wish to upgrade this plugin?]
If I click okay nothing happens and in the browser’s console window I see this error appear
Failed to load resource: the server responded with a status of 500 ()
it tried to goto https://mywebsitehere.org/ojs/$$$call$$$/grid/plugins/plugin-gallery-grid/upgrade-plugin?rowId=23 and that url returns {“status”:false,“content”:"",“elementId”:“0”,“events”:null} -
When I try the other route:
Administration → Settings Wizard → Plugins → Installed Plugins → ORCID Profile Plugin → [Upgrade]
I see the [Upgrade Plugin] dialog
I select the latest plugin file orcidProfile-v1_1_2-4.tar.gz and click [Save]
Then I get this error:
Notification: The tar command is not available. Please correctly configure it in your config.inc.php".
It is actually properly configured in the config.inc.php,
; tar (used in backup plugin, translation packaging)
tar = /usr/bin/tar
however if I check in the server log it seems that is has no access to it.
AH01071: Got error ‘PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/tar) is not within the allowed path(s): (/var/www/vhosts/mywebsitehere.org/:/tmp/) in [/var/www/vhosts/mywebsitehere.org/httpdocs/lib/pkp/classes/plugins/PluginHelper.inc.php] on line 64’, referer: https://mywebsitehere.org/index/admin/wizard/1
It seems to me a little bit of a security issue to add the whole /usr/sbin directory to the open_basedir setting. Not comfortable with that.
Questions:
- What could cause issue 1 (is it again related to open_basedir ?)
- Is there a manual solution for upgrading plugins. E.g by deactivating the plugin; uploading the new sources by ftp, and activating it again? How would that process work? Or does the interface add some additional steps?
- Is there another way of upgrading plugins by not having to give low level access to server’s local binaries directory? E.g. by offering it in a zip that which just be unzipped in a temp directory all in php based software with no need to access of /bin/ ?