php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65489 glob() basedir check is inconsistent
Submitted: 2013-08-20 15:43 UTC Modified: 2013-08-21 06:41 UTC
From: ab@php.net Assigned:
Status: Closed Package: Filesystem function related
PHP Version: Irrelevant OS: irrelevant
Private report: No CVE-ID: None
 [2013-08-20 15:43 UTC] ab@php.net
Description:
------------
As documentation states

"Returns an array containing the matched files/directories, an empty array if no 
file matched or FALSE on error."

whereby in case when internal glob() has returned NOMATCH, there's no reliable 
way to do basedir check. As examples below illustrate, when the glob query is 
complex, glob() returned NOMATCH and query is valid within basedir, it still 
will return bool(false) to the userspace in the most cases.

If the result is empty, using php_check_open_basedir_ex() on the pattern will 
work "somehow" only if it's a direct filesystem path or close to it, so 
generally such check is senseless. Therefore what documentation states about 
returning an empty array vs. false cannot be guaranteed.

The same misbehavior persists on windows with correspondingly modified queries.


Test script:
---------------
<?php
ini_set("open_basedir", "/etc");
 /* found */
var_dump(glob("/etc"));
/* found given you're on debian :) */
var_dump(glob("/???/issue"));
/* basedir restriction */
var_dump(glob("/usr"));
/* basedir restriction, but that's a random result. PHP
doesnot really check /usr/nonono and /etc/nonono against basedir */
var_dump(glob("/{usr,etc}/nonono", GLOB_BRACE));
/* erroneous basedir restriction */
var_dump(glob("/[e]??/hey"));
/* erroroneous basedir restriction */
var_dump(glob("/???/absent"));

Expected result:
----------------
array(1) {
  [0]=>
  string(4) "/etc"
}
array(1) {
  [0]=>
  string(10) "/etc/issue"
}
bool(false)
bool(false)
array(0) {
}
array(0) {
}

Actual result:
--------------
array(1) {
  [0]=>
  string(4) "/etc"
}
array(1) {
  [0]=>
  string(10) "/etc/issue"
}
bool(false)
bool(false)
bool(false)
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-21 06:41 UTC] ab@php.net
Here's also a pull request implementing GlobIterator where this topic was 
discussed https://github.com/php/php-src/pull/398
 [2022-08-02 17:37 UTC] git@php.net
Automatic comment on behalf of bukka
Revision: https://github.com/php/php-src/commit/e5ab9f45d58245534020820072dc3c491679cc21
Log: Fix bug #65489: glob() basedir check is inconsistent
 [2022-08-02 17:37 UTC] git@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 11:01:30 2024 UTC