PHP :: Bug #58578 :: open_basedir return error

Bug #58578	open_basedir return error
Submitted:	2009-03-09 05:09 UTC	Modified:	2009-03-09 06:37 UTC
From:	r at pro-9 dot com	Assigned:	pajoye (profile)
Status:	Not a bug	Package:	htscanner (PECL)
PHP Version:	5.2.5	OS:	gentoo linux
Private report:	No	CVE-ID:	None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 29 + 47 = ?
Subscribe to this entry?

[2009-03-09 05:09 UTC] r at pro-9 dot com

Description:
------------
php_value open_basedir return error:
php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: /www:/tmp
(12, 10) failed! 
in Unknown on line 0
but other parameters, e.g php_value session.save_path is fine.
 


Reproduce code:
---------------
htscanner.ini file:
extension="htscanner.so"
config_file=".htaccess"
default_docroot="/"
default_ttl=300
stop_on_error = 0

safe_mode in php.ini is Off
open_basedir in php.ini is undefined (phpinfo say: no value)

.htaccess file:
php_value session.save_path /var/tmp
php_value open_basedir /www:/tmp

Expected result:
----------------
session.save_path /var/tmp
open_basedir /www:/tmp


Actual result:
--------------
session.save_path /var/tmp
open_basedir no value

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-03-09 05:54 UTC] pierre dot php at gmail dot com

Can you try using:

php_value open_basedir "/www:/tmp"

[2009-03-09 06:23 UTC] r at pro-9 dot com

I try with quotes, result is similar. Error message there:
Mar  9 13:08:20 vh7 php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: "/www:/tmp"
Mar  9 13:08:20 vh7 ) (12, 12) failed!
Mar  9 13:08:20 vh7 in Unknown on line 0

The second digit is different in error message: 12, without quotes it is 10

[2009-03-09 06:37 UTC] pierre dot php at gmail dot com

Thank you for taking the time to write to us, but this is not
a bug.

Well, it is Monday morning :)

open_basedir cannot (and should not) be overwritten using a per directory configuration option (from the www root). If not, it will defeat its whole purpose. Imagine someone simply changing it to \ and then do fopen("/etc/passwd");

Future versions of htscanner will allow the admins to set options per directory at the system level, which will be set during PHP's init phases. Something like what we have in 5.3:
[PATH=/www/site1]
open_basedir=/www/site1

Sorry to do not have replied that in the first place.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 03:00:01 2025 UTC