php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37627 session_save_directory checks wrong directory in safe mode
Submitted: 2006-05-29 12:34 UTC Modified: 2006-12-04 15:20 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bla at cs dot huji dot ac dot il Assigned:
Status: Closed Package: Session related
PHP Version: 5.1.4 OS: freebsd 6.1
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bla at cs dot huji dot ac dot il
New email:
PHP Version: OS:

 

 [2006-05-29 12:34 UTC] bla at cs dot huji dot ac dot il
Description:
------------
When I run this command:

session_save_path("/var/spool/sessions");

I get:

session_save_path() [function.session-save-path]: SAFE MODE Restriction in effect. The script whose uid is 24713 is not allowed to access /var/spool

The information in the message is correct but I suppose the function should check /var/spool/sessions, not /var/spool. (note that /var/spool/session exists and has the right permissions so there's no need to modify /var/spool).

Probably the OnUpdateSaveDir() function in session.c should give a different flag to php_checkuid().




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-29 12:46 UTC] tony2001@php.net
>Note that /var/spool/session exists and has the right
> permissions so there's no need to modify /var/spool).

/var/spool/session or /var/spool/sessions ?
What if try this:
session_save_path("/var/spool/sessions/"); ?
 [2006-05-30 07:38 UTC] bla at cs dot huji dot ac dot il
This is the 3rd time I write this reply, it keeps disappearing after I submit it. Anyway:

Appending a '/' to the path fixes the problem, thanks.

However it should work even without a trailing '/' just like any other path related setting.
 [2006-12-04 15:20 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC