php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61948 CURLOPT_COOKIEFILE '' raises open_basedir restriction
Submitted: 2012-05-05 06:05 UTC Modified: 2012-05-05 16:55 UTC
From: jfb at zer7 dot com Assigned: laruence (profile)
Status: Closed Package: HTTP related
PHP Version: 5.4.2 OS: Ubuntu Server 12.04
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jfb at zer7 dot com
New email:
PHP Version: OS:

 

 [2012-05-05 06:05 UTC] jfb at zer7 dot com 
Description:
------------
Hello,

When setting CURLOPT_COOKIEFILE, I am finding that '' is raising the error:

Warning: curl_setopt_array(): open_basedir restriction in effect. File() is not within the allowed path(s): (/opt/www/:/usr/local/php/)

This suggests it is checking the string '' against open_basedir.
The documentation for CURLOPT_COOKIEFILE says:

"If the name is an empty string, no cookies are loaded, but cookie handling is still enabled."

I was told in FreeNode #php that '' actually uses a temporary file.
If this is true, it should be performing the check after it has chosen a temporary filename.

So essentially the bug I am reporting is that the order of these two checks is switched. As it stands, CURLOPT_COOKIEFILE '' is useless with open_basedir enabled.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-05 16:41 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:51 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:53 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:54 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:54 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2012-05-05 16:55 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2012-05-05 16:55 UTC] laruence@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 [2012-05-25 08:53 UTC] ab@php.net 
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:25 UTC] stas@php.net 
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:26 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:26 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:35 UTC] stas@php.net 
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86d2fafded73511e762671a60d6935ac87d6e39d
Log: Fixed bug #62149 Test Bug - ext/curl/tests/bug61948
 [2014-10-07 23:37 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=19632ae7dcdbbb7c34bf0ffde9fb7858f55424cd
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 [2014-10-07 23:37 UTC] stas@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=035ce937e13d8496795cef9899cc5c5afe9daab7
Log: Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 06:00:01 2025 UTC