php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78806 Wrong open_basedir warning
Submitted: 2019-11-12 15:41 UTC Modified: 2019-11-12 16:14 UTC
From: michael dot vorisek at email dot cz Assigned:
Status: Duplicate Package: *Directory/Filesystem functions
PHP Version: 7.3.11 OS: Windows
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: michael dot vorisek at email dot cz
New email:
PHP Version: OS:

 

 [2019-11-12 15:41 UTC] michael dot vorisek at email dot cz
Description:
------------
On Windows PHP emits a warning if file path consists of existing file and slash plus optionally anything is appended. This issue should be fixes asap as it outputs unwanted output from core function.

Test script:
---------------
(Windows + PHP 7.3 + PHP error reporting enabled + open_basedir set)

var_dump(file_exists(__FILE__));
var_dump(file_exists(__FILE__ . '/'));

Expected result:
----------------
bool(true)
(no warning)
bool(false)

Actual result:
--------------
bool(true)
Warning: file_exists(): open_basedir restriction in effect. File(C:/x/test.php/) is not within the allowed path(s): (C:/x/) in xxx on line xxx
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-11-12 16:14 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2019-11-12 16:14 UTC] requinix@php.net
More specifically, it errors if you create a path that treats a file like a directory.

Duplicate of bug #52065.
 [2019-11-12 16:42 UTC] michael dot vorisek at email dot cz
Yes, duplicate issue and presented also on linux, reported by many users.

I understand that it needs to be carefully designed to prevent open_basedir leaks with symlinks, but it needs to be fixed for regular files.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 00:01:30 2024 UTC