PHP :: Bug #5920 :: strange use of open

Bug #5920	strange use of open_basedir string
Submitted:	2000-08-02 13:03 UTC	Modified:	2005-03-31 16:13 UTC
From:	karel at econnect dot cz	Assigned:
Status:	Wont fix	Package:	Other
PHP Version:	3.0.16	OS:	Redhat 6.1
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	karel at econnect dot cz
New email:
PHP Version:		OS:

New Comment:

[2000-08-02 13:03 UTC] karel at econnect dot cz

Example from php3.ini:

open_basedir = /home/www/test/no_such_dir

If there is no subdirectory named no_such_dir 
on the filesystem, one would except that PHP does not 
allow to open any files. But PHP allows to open files 
within /home/www/test.

In other words PHP uses the longest substring from 
open_basedir that represents a valid directory name.

This can cause security problem.

I did not test doc_root or other similar lines in php3.ini, 
that could suffer the same problem.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-03-31 16:13 UTC] php-bugs at lists dot php dot net

We are sorry, but we do not support PHP 3 related problems anymore.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 06:01:30 2024 UTC