php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37430 opendir() leak
Submitted: 2006-05-13 16:44 UTC Modified: 2006-05-13 17:01 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: tim dot site at gmail dot com Assigned:
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 5.1.4 OS: windows 2000
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tim dot site at gmail dot com
New email:
PHP Version: OS:

 

 [2006-05-13 16:44 UTC] tim dot site at gmail dot com
Description:
------------
opendir() lets users browse al files on the server, even the one of other hardisk and ffiles in the htdocs list. Is this bug? this is very bad for the server security.

Reproduce code:
---------------
<?php
function select_files($dir, $label = "", $select_name, $curr_val = "", $char_length = 30) {
    $teller = 0;
    if ($handle = opendir($dir)) {
        $mydir = ($label != "") ? "<label for=\"".$select_name."\">".$label."</label>\n" : "";
        $mydir .= "<select name=\"".$select_name."\">\n";
        $curr_val = (isset($_REQUEST[$select_name])) ? $_REQUEST[$select_name] : $curr_val;
        $mydir .= ($curr_val == "") ? "  <option value=\"\" selected>...\n" : "<option value=\"\">...\n";
        while (false !== ($file = readdir($handle))) {
            $files[] = $file;
        }
        closedir($handle);
        sort($files);
        foreach ($files as $val) {
            if (is_file($dir.$val)) { // show only real files (ver. 1.01)
                $mydir .= "    <option value=\"".$val."\"";
                $mydir .= ($val == $curr_val) ? " selected>" : ">";
                $mydir .= (strlen($val) > $char_length) ? substr($val, 0, $char_length)."...\n" : $val."\n";
                $teller++;    
            }
        }
        $mydir .= "</select>";
    }
    if ($teller == 0) {
        $mydir = "No files!";
    } else {
        return $mydir;
    }
}

echo select_files("C:/winnt/", "", "", "", "60");
?> 

Expected result:
----------------
I espect an error because I entered a folder that should not be visibible for other users

Actual result:
--------------
I see the files of the C:/winnt dir, but other Files on other harddisks are also possible to see even the files in the htdocs directory are visible, so i can see the files of other users.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-13 16:53 UTC] pajoye@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Tip of the day: openbasedir.
 [2006-05-13 17:01 UTC] tim dot site at gmail dot com
Thanx for your fast reaction.
Mmm it was not a bug. I'll ask it to the support section :)

Tim
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 22:01:28 2024 UTC