php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17157 fopen can bypass safe_mode
Submitted: 2002-05-11 15:51 UTC Modified: 2002-06-18 19:59 UTC
From: ilia at prohost dot org Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.2.0 OS: Linux 2.4.18
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ilia at prohost dot org
New email:
PHP Version: OS:

 

 [2002-05-11 15:51 UTC] ilia at prohost dot org 
If a readfile() function is passed 3rd parameter, which normally indicated that the file should be opened from the "include_path", it can by pass safe_mode limitations.

ex.

<?php
fpassthru(fopen("/etc/passwd", "r", 1));
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-11 16:01 UTC] rasmus@php.net 
Same bug as 17156 - fixed in CVS
 [2002-06-18 19:59 UTC] sniper@php.net 
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue May 21 20:01:32 2024 UTC