php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61948 CURLOPT_COOKIEFILE '' raises open_basedir restriction
Submitted: 2012-05-05 06:05 UTC Modified: 2012-05-05 16:55 UTC
From: jfb at zer7 dot com Assigned: laruence (profile)
Status: Closed Package: HTTP related
PHP Version: 5.4.2 OS: Ubuntu Server 12.04
Private report: No CVE-ID: None
 [2012-05-05 06:05 UTC] jfb at zer7 dot com
Description:
------------
Hello,

When setting CURLOPT_COOKIEFILE, I am finding that '' is raising the error:

Warning: curl_setopt_array(): open_basedir restriction in effect. File() is not within the allowed path(s): (/opt/www/:/usr/local/php/)

This suggests it is checking the string '' against open_basedir.
The documentation for CURLOPT_COOKIEFILE says:

"If the name is an empty string, no cookies are loaded, but cookie handling is still enabled."

I was told in FreeNode #php that '' actually uses a temporary file.
If this is true, it should be performing the check after it has chosen a temporary filename.

So essentially the bug I am reporting is that the order of these two checks is switched. As it stands, CURLOPT_COOKIEFILE '' is useless with open_basedir enabled.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-05 16:41 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:51 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:53 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:54 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:54 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:55 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2012-05-05 16:55 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-05-25 08:53 UTC] ab@php.net
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:35 UTC] stas@php.net
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:37 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:37 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC