|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2013-04-03 20:16 UTC] mail+php at requinix dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Mar 31 16:01:29 2025 UTC |
Description: ------------ Tested on Windows; Linux's behavior is as expected. I'm using a Plesk install but I think this will happen with any similar folder structure. Basically, open_basedir or require_once give confusing error messages when multiple parent folders to the open_basedir have security settings which prevent access. The confusing error messages are pasted under Actual Result; "open_basedir restriction in effect. File() is not within the allowed path(s)" is the first error seen, which is an incorrect error; the file IS within the allowed path. Only the second error message, Operation not permitted, is somewhat accurate. However it is still suboptimal compared to the other error condition: When only the open_basedir itself (and not its parent folder) has security settings which prevent access, the error message is what I would expect. The expected error message is pasted under Expected Result; "Permission denied" is the appropriate error to use when file/folder permissions are preventing access to a file or folder, not "operation not permitted." Test script: --------------- <?php // First, ensure that the Plesk, Additional, PleskPHP5, and PEAR folder (and its contents, including the MDB2.php file) all have their Windows security settings such that the PHP user CANNOT read or list the contents (i.e. readable to admins only.) Then ensure that open_basedir includes the path to the file (C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\). Then run this script, note the output, and click the "try opening file" link at the bottom, and note the output. // Second, grant permissions to read and list all folders, EXCEPT for the PEAR folder (and its contents, including the MDB2.php file.) Run this script and note outputs. // Finally, grant permissions to read and list all folders including the PEAR folder and the MDB2.php file. Run this script and note outputs. echo "<pre>"; echo shell_exec("whoami")."-------------------------------------------\n"; echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\ && dir"))."-------------------------------------------\n"; echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\Plesk\ && dir"))."-------------------------------------------\n"; echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\Plesk\Additional\ && dir"))."-------------------------------------------\n"; echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\ && dir"))."-------------------------------------------\n"; echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\ && dir"))."-------------------------------------------\n"; if(isset($_GET["open"])){ if(require_once('C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php')){ echo "OPENED\n"; } else { echo "FAILED TO OPEN\n"; } } echo '<a href="?open=true">Try opening file</a>'; echo "</pre>"; Expected result: ---------------- When any file/folder security setting causes the file to be inaccessible: PHP Warning: require_once(C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php): failed to open stream: Permission denied in C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.p hp on line 16 PHP Fatal error: require_once(): Failed opening required 'C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php' (include_path='.;./includes;./pear') in C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.p hp on line 16 Actual result: -------------- When the Additional (including PleskPHP5 folder by inheritance) AND PEAR folders are inaccessible to the user: PHP Warning: require_once(): open_basedir restriction in effect. File(C:/Program Files (x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php) is not within the allowed path(s): (C:/Inetpub/vhosts/server.example.net\;C:\Windows\Temp\;C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\) in C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2 PHP Warning: require_once(C:/Program Files (x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php): failed to open stream: Operation not permitted in C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2 PHP Fatal error: require_once(): Failed opening required 'C:/Program Files (x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php' (include_path='.;./includes;./pear') in C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2 When only the PEAR folder is inaccessible to the user: PHP Warning: require_once(C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php): failed to open stream: Permission denied in C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test. php on line 16 PHP Fatal error: require_once(): Failed opening required 'C:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php' (include_path='.;./includes;./pear') in C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test. php on line 16