php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #55651 Option to force PHP to ignore the PASV address returned
Submitted: 2011-09-09 08:09 UTC Modified: 2015-12-15 12:01 UTC
Votes:182
Avg. Score:4.7 ± 0.6
Reproduced:166 of 166 (100.0%)
Same Version:67 (40.4%)
Same OS:115 (69.3%)
From: abrender at elitehosts dot com Assigned: kaplan (profile)
Status: Closed Package: FTP related
PHP Version: 5.3.8 OS: All
Private report: No CVE-ID: None
 [2011-09-09 08:09 UTC] abrender at elitehosts dot com
Description:
------------
In response to the PASV command, FTP servers sometimes return their IP address 
(10.X for example) and PHP honors this IP address, stores it in ftp->pasvaddr 
and uses that for future connections.

This is problematic because PHP won't be able to communicate with a server 
behind a NAT device using passive FTP.

The attached patch adds the USEPASVADDRESS option (a boolean) which can be set 
and read via the ftp_set_option() and ftp_get_option() functions. USEPASVADDRESS 
is set to TRUE by default to preserve existing functionality. When 
USEPASVADDRESS is set to FALSE, the ftp extension will ignore the IP address 
returned by the PASV command and instead use the IP address passed to 
ftp_connect() (or ftp_ssl_connect())

In the future we may expand the values to include AUTO which would ignore any 
RFC 1918 IP addresses returned by the PASV command.

The only thing to note is that the call to ftp_set_option() must be made before 
ftp_pasv() is called.


Patches

ftp_usepasvaddress_php70.patch.patch (last revision 2016-01-23 04:52 UTC by edistro01 at gmail dot com)
ftp_usepasvaddress_php70.patch (last revision 2015-12-10 12:00 UTC by kaplan@php.net)
ftp_usepasvaddress.patch (last revision 2011-09-09 08:10 UTC by abrender at elitehosts dot com)

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-10 15:57 UTC] abrender at elitehosts dot com
PS - this patch works against PHP 5.2.17 as well as 5.3.8
 [2013-08-24 23:24 UTC] abrender at elitehosts dot com
Hi,

Any chance of this patch getting reviewed and accepted? (A more detailed 
explanation is at http://www.elitehosts.com/blog/php-ftp-passive-ftp-server-
behind-nat-
nightmare/)

There were 78 votes, 72 people reproduced the problem and other people are 
seeing the same problem:

http://blog.derakkilgo.com/2013/08/24/php-has-a-ftps-bug-please-vote-this-bug-
up-so-someone-will-approve-this-patch/

https://bugs.php.net/bug.php?id=64600

http://www.codingforums.com/archive/index.php/t-285742.html

http://www.techques.com/question/1-2851547/How-to-Send-File-over-secure-FTP-SSL-
Protocol

http://www.webdeveloper.com/forum/showthread.php?236275-ftp_connect-blocked

Thanks!
 [2015-09-03 13:41 UTC] oskar dot danielsson at hotmail dot com
It has been almost exactly four years since this bug report was created, but the bug persists in version 5.6.10. It has 165 votes with a 100% rate of reproduction. Why isn't this being reviewed?
 [2015-12-04 10:43 UTC] lucas dot bedout at free dot fr
Is the patch for 5.3.8 working on > 5.6 ?
 [2015-12-10 09:48 UTC] kaplan@php.net
The patch can be applied up until 5.6.10, after that is it requires a small typo change in ext/ftp/ftp.h to work ("configureable" -> "configurable"). It needs adaptation for the 7.0 branch.
 [2015-12-10 12:00 UTC] kaplan@php.net
The following patch has been added/updated:

Patch Name: ftp_usepasvaddress_php70.patch
Revision:   1449748839
URL:        https://bugs.php.net/patch-display.php?bug=55651&patch=ftp_usepasvaddress_php70.patch&revision=1449748839
 [2015-12-15 12:01 UTC] kaplan@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: kaplan
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC