PHP :: Bug #52010 :: open_basedir restrictions mismatch on vacuum command

Bug #52010

open_basedir restrictions mismatch on vacuum command

Submitted:

2010-06-06 21:51 UTC

Modified:

2010-06-20 16:25 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

hajo at csphere dot eu

Assigned:

iliaa (profile)

Status:

Closed

Package:

SQLite related

PHP Version:

5.3.2

OS:

Windows (any)

Private report:

CVE-ID:

None

View Developer Edit

[2010-06-06 21:51 UTC] hajo at csphere dot eu

Description:
------------
with open_basedir enabled and an sqlite3 database file within one of these allowed directories - using the sqlite3 extension - the sql command "vacuum <insert_tablename_here>" triggers an open_basedir restriction error.

what confuses the most is that File() in the error message seems to be empty every time this error occurs and i haven't discovered such behavior in similar problems.

pdo_sqlite extension is also affected, sqlite3 lib version is 3.6.22

Test script:
---------------
$sqlite3->query('vacuum <anytable>');

Expected result:
----------------
no error returned

Actual result:
--------------
PHP-Warning: Warning: SQLite3::query() [sqlite3.query]: open_basedir restriction in effect. File() is not within the allowed path(s): (<a lot of paths listed in here>) in test.php on line 77

PHP-Warning: Warning: SQLite3::query() [sqlite3.query]: Unable to execute statement: not authorized in test.php on line 77

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-06-06 21:52 UTC] hajo at csphere dot eu

-Summary: open_basedir restrictions mismatch on vaccum command +Summary: open_basedir restrictions mismatch on vacuum command

[2010-06-06 21:52 UTC] hajo at csphere dot eu

corrected summary

[2010-06-09 18:04 UTC] iliaa@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=300318
Log: Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).

[2010-06-09 18:05 UTC] iliaa@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa

[2010-06-09 18:05 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2010-06-20 02:09 UTC] hajo at csphere dot eu

version 5.3.3 fixes this for sqlite3, but pdo_sqlite still has this bug

error message says the authorization is denied

[2010-06-20 16:12 UTC] felipe@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=300612
Log: - Completed the fix for bug #52010
# Fixing pdo drivers

[2010-06-20 16:25 UTC] felipe@php.net

A fix was committed for the PDO drivers. Thanks.

[2015-06-22 15:05 UTC] cmb@php.net

Related To: Bug #68393

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 09 04:00:01 2025 UTC