bug? PHP open_basedir in dolibarr v20 image

[JonBendtsen]

From Home, Admin Tools, about security
/admin/system/security.php?mainmenu=home&leftmenu=admintools

bug? PHP open_basedir in dolibarr v20 image

PHP open_basedir =  No   (Recommended: Some restricted path for data files, Example: /var/www/html,/var/www/documents)

Probably should be restricted

[JonBendtsen]

/usr/local/etc/php/php.ini

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
; Note: disables the realpath cache
; https://php.net/open-basedir
;open_basedir =

[JonBendtsen]

But we could also set it in the apache configuration

https://stackoverflow.com/questions/13291185/how-to-set-for-specific-directory-open-basedir

it is probably easier in the dockerfile to have a sed line that modifies /usr/local/etc/php/php.ini than to add an extra line to /etc/apache2/sites-enabled/000-default.conf

[JonBendtsen]

3. method could possible to create a /etc/apache/mods-enabled/php.conf file.

I did, with the contents 'php_admin_value open_basedir "/var/www"'

and guess what - I could no longer log in :-(

so that value is probably wrong :-(