PHP :: Bug #44901 :: open_basedir as prefix complains on attempts to access non-existant files

Bug #44901

open_basedir as prefix complains on attempts to access non-existant files

Submitted:

2008-05-03 00:41 UTC

Modified:

2015-06-04 14:50 UTC

Votes:	9
Avg. Score:	4.2 ± 1.0
Reproduced:	9 of 9 (100.0%)
Same Version:	8 (88.9%)
Same OS:	8 (88.9%)

From:

jake at yahoo-inc dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

Safe Mode/open_basedir

PHP Version:

5.*, 6CVS (2009-03-16)

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jake at yahoo-inc dot com
New email:
PHP Version:		OS:

New Comment:

[2008-05-03 00:41 UTC] jake at yahoo-inc dot com

Description:
------------
When using open_basedir as a prefix, attempting to access files or directories which match the prefix but are not present on the filesystem raise open_basedir restriction warnings.



Reproduce code:
---------------
// create files or directories on the file system "/foo1", "/foo2"
// add "/foo" (not "/foo/") to the open basedir restriction, then:

var_dump(file_exists('/foo1'));
var_dump(file_exists('/foo2'));
var_dump(file_exists('/foo3'));



Expected result:
----------------
this is the output returned:
bool(true)
bool(true)
bool(false)

which is expected, however, the "false" returned by the third call is disingenuous... it is false because the call is being blocked by open_basedir, and the following warning is triggered:

[Fri May  2 17:33:05 2008] [error] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/foo3) is not within the allowed path(s)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-05-25 18:07 UTC] softwareelves at gmail dot com

This bug doesn't seem to exist in 5.2.x.

I found it's not just a trailing slash but anything after an existing file path.

I found an easy way to show this bug:

error_reporting( E_ALL | E_STRICT );

var_dump( file_exists( __FILE__ ) );
var_dump( file_exists( __FILE__."/something_that_doesnt_exists" ) );

ini_set( "open_basedir", dirname( __FILE__ ) );

var_dump( file_exists( __FILE__ ) );
var_dump( file_exists( __FILE__."/something_that_doesnt_exists" ) );

[2013-04-03 20:16 UTC] mail+php at requinix dot net

Related To: Bug #64573

[2013-12-24 23:40 UTC] aaron dot hamid at gmail dot com

Seems related to https://bugs.php.net/bug.php?id=41518 (which is closed) as well

[2013-12-24 23:50 UTC] aaron dot hamid at gmail dot com

Cannot reproduce on PHP-5.6 branch.

[2015-06-04 14:50 UTC] cmb@php.net

-Status: Verified +Status: Closed -Assigned To: +Assigned To: cmb

[2015-06-04 14:50 UTC] cmb@php.net

This ticket is obsolete, because the open_basedir restriction
can't be used as prefix as of PHP 5.2.16 and 5.3.4[1].

[1] <http://php.net/manual/en/ini.core.php#ini.open-basedir>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Nov 25 08:01:32 2024 UTC