php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52010 open_basedir restrictions mismatch on vacuum command
Submitted: 2010-06-06 21:51 UTC Modified: 2010-06-20 16:25 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: hajo at csphere dot eu Assigned: iliaa (profile)
Status: Closed Package: SQLite related
PHP Version: 5.3.2 OS: Windows (any)
Private report: No CVE-ID: None
 [2010-06-06 21:51 UTC] hajo at csphere dot eu
Description:
------------
with open_basedir enabled and an sqlite3 database file within one of these allowed directories - using the sqlite3 extension - the sql command "vacuum <insert_tablename_here>" triggers an open_basedir restriction error.

what confuses the most is that File() in the error message seems to be empty every time this error occurs and i haven't discovered such behavior in similar problems.

pdo_sqlite extension is also affected, sqlite3 lib version is 3.6.22

Test script:
---------------
$sqlite3->query('vacuum <anytable>');

Expected result:
----------------
no error returned

Actual result:
--------------
PHP-Warning: Warning: SQLite3::query() [sqlite3.query]: open_basedir restriction in effect. File() is not within the allowed path(s): (<a lot of paths listed in here>) in test.php on line 77

PHP-Warning: Warning: SQLite3::query() [sqlite3.query]: Unable to execute statement: not authorized in test.php on line 77

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-06-06 21:52 UTC] hajo at csphere dot eu
-Summary: open_basedir restrictions mismatch on vaccum command +Summary: open_basedir restrictions mismatch on vacuum command
 [2010-06-06 21:52 UTC] hajo at csphere dot eu
corrected summary
 [2010-06-09 18:04 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=300318
Log: Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
 [2010-06-09 18:05 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa
 [2010-06-09 18:05 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-06-20 02:09 UTC] hajo at csphere dot eu
version 5.3.3 fixes this for sqlite3, but pdo_sqlite still has this bug

error message says the authorization is denied
 [2010-06-20 16:12 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=300612
Log: - Completed the fix for bug #52010
# Fixing pdo drivers
 [2010-06-20 16:25 UTC] felipe@php.net
A fix was committed for the PDO drivers. Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 02:01:28 2024 UTC