PHP :: Bug #17927 :: open_basedir is not working

Bug #17927

open_basedir is not working

Submitted:

2002-06-22 19:40 UTC

Modified:

2002-10-19 23:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

matt at haught dot com

Assigned:

Status:

Closed

Package:

Apache2 related

PHP Version:

4.3.0

OS:

FreeeBSD 4.7-RELEASE

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	matt at haught dot com
New email:
PHP Version:		OS:

New Comment:

[2002-06-22 19:40 UTC] matt at haught dot com

I am using the php_admin_value to set the open_basedir option within a <VirtualHost>, the option is accepted by apache-2.0.39 and is reflected by phpinfo().  I just moved my sites around and I forgot to change my open_basedir, and to my amazement i got no errors when opening any of the pages.  I also have open_basedir set to /usr/local/www/data as a default in my php.ini (mostly to remind me to set it for the virtual host's dir which is not in that dir).  I can change the values to anything in either the ini or through php_admin_value and no restrictions are put into place.  I put this bug into apache2 releated, but I am not sure if it is reflected in others.  I am using php4-200206211500 snap.

As a side note, php_admin_flag engine Off, also does nothing inside a <VirtualHost> or a <Location>, I am not sure if it is related.  php_value include_path /dir, DOES work properly.

--Matt

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-28 18:21 UTC] michael at moria dot de

At first, I read in a couple places to use "php_value", which is wrong.  "php_admin_value" is correct, but PHP 4.2.2 fails to parse it correctly without this patch:

--- sapi/apache2filter/apache_config.c.orig     2002-07-28 23:58:24.000000000 +0200
+++ sapi/apache2filter/apache_config.c  2002-07-28 23:58:37.000000000 +0200
@@ -128,7 +128,7 @@
 {
        AP_INIT_TAKE2("php_value", php_apache_value_handler, NULL, OR_OPTIONS,
                   "PHP Value Modifier"),
-       AP_INIT_TAKE2("php_admin_value", php_apache_admin_value_handler, NULL, OR_NONE,
+       AP_INIT_TAKE2("php_admin_value", php_apache_admin_value_handler, NULL, OR_OPTIONS,
                   "PHP Value Modifier"),
    {NULL}
 };

It does not look like php_admin_flag is implemented for apache 2.

[2002-09-29 22:52 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2002-10-19 23:00 UTC] matt at haught dot com

It is currently working with latest cvs.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Sep 12 00:01:27 2024 UTC