php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10960 coding error in fopen_wrappers.c
Submitted: 2001-05-18 14:12 UTC Modified: 2005-01-31 23:31 UTC
From: egan at sevenkings dot net Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
 [2001-05-18 14:12 UTC] egan at sevenkings dot net
From previous bug report 10322 submitted by Paul Gregg:

In main/fopen_wrappers.c I see that there is a function:
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path PLS_DC)

However "basedir" is never used in this function at all,
only PG(open_basedir).  Surely this negates the point of the function being > called individually for each tokenised entry on  open_basedir/php.ini?

--- end of bug report 10322

Although Paul was correct, "Jason Greene" <jason@php.net> marked his report as bogus, apparently because it was included as part of a larger patch which Jason claimed was plagarizing his (Jason's) earlier patch, and Jason did not notice the one-line correction dealing with the logical error.

Paul's report of the logical error was not bogus, and his one-line correction was obviously correct.  Here it is again:

--- fopen_wrappers.c.orig	Mon Feb 26 00:07:31 2001
+++ fopen_wrappers.c	Fri May 18 12:40:54 2001
@@ -147,7 +147,7 @@
 	SLS_FETCH();
 	
 	/* Special case basedir==".": Use script-directory */
-	if ((strcmp(PG(open_basedir), ".") == 0) && 
+	if ((strcmp(basedir), ".") == 0) && 
 		SG(request_info).path_translated &&
 		*SG(request_info).path_translated
 		) {



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-18 16:29 UTC] egan at sevenkings dot net
Sorry, left in an extra paren.  The fix should be:


+	if ((strcmp(basedir, ".") == 0) && 
 
 [2001-05-23 02:36 UTC] sniper@php.net
patch applied.

--Jani

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Sep 24 13:01:24 2020 UTC