PHP :: Bug #13420 :: open_basedir breaks Apache SSI xbithack

Bug #13420	open_basedir breaks Apache SSI xbithack
Submitted:	2001-09-24 15:33 UTC	Modified:	2002-08-22 11:42 UTC
From:	wbrown at arkie dot net	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	4.0.6	OS:	Linux mainserver2 2.4.4
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-09-24 15:33 UTC] wbrown at arkie dot net

Linux version 2.4.4
Apache version 1.3.19
Php version 4.0.6

When xbithack is set to FULL in .htaccess, setting test.htm chmod to 754 allows the SSI calls in test.htm to perform as expected.

However, when open_basedir is specified in httpd.conf the xbithack directive is ignored and SSI calls in test.htm stop working.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-09-25 09:18 UTC] wbrown at arkie dot net

This may be the reason that some of the developers were not able to reproduce a similar bug reported in Bug id #10575.

[2001-09-27 15:07 UTC] wbrown at arkie dot net

Changing any php_admin setting through the httpd.conf file using the following format appears to breaks Apache SSI xbithack:

<DIRECTORY />
    php_admin_value open_basedir "."
    php_admin_flag asp_tags on
</DIRECTORY>

[2002-01-11 05:28 UTC] N dot Cole at sc98c dot demon dot co dot uk

This same bug strikes PHP 4.0.6 on Solaris 2.6. Our system runs PHP in safe mode with no exec dir; as a result, NO html page marked as executable can be displayed. This is so crippling that we're going to have to remove PHP until it is fixed :-(

It looks as though PHP is scanning all HTML pages when the XBitHack is enabled.

[2002-08-22 11:42 UTC] iliaa@php.net

Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 21:00:02 2025 UTC