|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-06-06 10:21 UTC] sniper@php.net
[2005-06-06 15:44 UTC] unknown-php at masterhost dot ru
[2005-06-08 08:45 UTC] unknown-php at masterhost dot ru
[2005-06-13 11:03 UTC] tony2001@php.net
[2005-06-21 01:00 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 13:00:01 2025 UTC |
Description: ------------ We have a mass virtual hosting server. Regardless of the open_basedir and other restriction, we can't restrict temp file creation to directory onside the user's home dir. Therefore user can create huge amount of files and overfull the file system, and we can't supervise it and even can't determine which user has created these files. It seems to be a bug or omission that tempnam can create files outside the open_basedir and there no another restriction for it. I think it should be any restriction to prevent situations like this. Reproduce code: --------------- php_admin_value open_basedir /home/user/ php_admin_value doc_root /home/user/domain php_admin_value upload_tmp_dir /home/user/domain/tmp <?php $tmpfname = tempnam("/tmp", "FOO"); $handle = fopen($tmpfname, "w"); fwrite($handle, "data"); fclose($handle); ?> Expected result: ---------------- We expect to see the error like this: "open_basedir restriction in effect. File /tmp/FOOxjEb8i) is not within the allowed path(s)" Actual result: -------------- Really the file was successfully created inside the system temp directory, outside the open_basedir path.