php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17927 open_basedir is not working
Submitted: 2002-06-22 19:40 UTC Modified: 2002-10-19 23:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: matt at haught dot com Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.3.0 OS: FreeeBSD 4.7-RELEASE
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: matt at haught dot com
New email:
PHP Version: OS:

 

 [2002-06-22 19:40 UTC] matt at haught dot com
I am using the php_admin_value to set the open_basedir option within a <VirtualHost>, the option is accepted by apache-2.0.39 and is reflected by phpinfo().  I just moved my sites around and I forgot to change my open_basedir, and to my amazement i got no errors when opening any of the pages.  I also have open_basedir set to /usr/local/www/data as a default in my php.ini (mostly to remind me to set it for the virtual host's dir which is not in that dir).  I can change the values to anything in either the ini or through php_admin_value and no restrictions are put into place.  I put this bug into apache2 releated, but I am not sure if it is reflected in others.  I am using php4-200206211500 snap.

As a side note, php_admin_flag engine Off, also does nothing inside a <VirtualHost> or a <Location>, I am not sure if it is related.  php_value include_path /dir, DOES work properly.

--Matt

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-28 18:21 UTC] michael at moria dot de
At first, I read in a couple places to use "php_value", which is wrong.  "php_admin_value" is correct, but PHP 4.2.2 fails to parse it correctly without this patch:

--- sapi/apache2filter/apache_config.c.orig     2002-07-28 23:58:24.000000000 +0200
+++ sapi/apache2filter/apache_config.c  2002-07-28 23:58:37.000000000 +0200
@@ -128,7 +128,7 @@
 {
        AP_INIT_TAKE2("php_value", php_apache_value_handler, NULL, OR_OPTIONS,
                   "PHP Value Modifier"),
-       AP_INIT_TAKE2("php_admin_value", php_apache_admin_value_handler, NULL, OR_NONE,
+       AP_INIT_TAKE2("php_admin_value", php_apache_admin_value_handler, NULL, OR_OPTIONS,
                   "PHP Value Modifier"),
    {NULL}
 };

It does not look like php_admin_flag is implemented for apache 2.
 [2002-09-29 22:52 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-10-19 23:00 UTC] matt at haught dot com
It is currently working with latest cvs.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 18:01:31 2024 UTC