open_basedir options for the package manager

I ran into a common problem as I've read on the forums. It happens when trying to install from the Packages Browser on Revo to install new packages. I am getting the:



After some research I encounter this had to do with the open_basedir setup on the server. So I went ahead and removed from my php.ino (I have my own servers with cpanel) the line:



Removing this line and saving the php.ini file I am then able to download and install packages automatically from within the manager.

However, this is something I just don't want to disable. I recently had one of my oldest servers hacked so I've become a bit paranoid with security. What I am wondering is if this is something that modx revo needs to figure out how to work around or if this is something I need to be flexible with on my server in regards of security? If so, what would then be the correct way to configure open_basedir that would still allow me to make full use of this functionality built into revo?

Thanks!

Is your Provider url set to rest.modx.com? If it is still rest.modxcms.com, try updating that to see if it still prevents the downloads. cURL cannot follow redirects when open_basedir restrictions are in effect.

its a default install. I checked the provider url, it is currently set as:

http://rest.modx.com/extras/

Any ideas? [ed. note: splittingred last edited this post 12 years, 8 months ago.]

oops, sorry for the bad formatting. I guess there was some html code in my clipboard.

Is there a different value that the provider url should (or could) be other than http://rest.modx.com/extras/ that would avoid the redirect?