|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10960 coding error in fopen_wrappers.c
Submitted: 2001-05-18 14:12 UTC Modified: 2005-01-31 23:31 UTC
From: egan at sevenkings dot net Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
25 - 22 = ?
Subscribe to this entry?

 [2001-05-18 14:12 UTC] egan at sevenkings dot net
From previous bug report 10322 submitted by Paul Gregg:

In main/fopen_wrappers.c I see that there is a function:
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path PLS_DC)

However "basedir" is never used in this function at all,
only PG(open_basedir).  Surely this negates the point of the function being > called individually for each tokenised entry on  open_basedir/php.ini?

--- end of bug report 10322

Although Paul was correct, "Jason Greene" <> marked his report as bogus, apparently because it was included as part of a larger patch which Jason claimed was plagarizing his (Jason's) earlier patch, and Jason did not notice the one-line correction dealing with the logical error.

Paul's report of the logical error was not bogus, and his one-line correction was obviously correct.  Here it is again:

--- fopen_wrappers.c.orig	Mon Feb 26 00:07:31 2001
+++ fopen_wrappers.c	Fri May 18 12:40:54 2001
@@ -147,7 +147,7 @@
 	/* Special case basedir==".": Use script-directory */
-	if ((strcmp(PG(open_basedir), ".") == 0) && 
+	if ((strcmp(basedir), ".") == 0) && 
 		SG(request_info).path_translated &&
 		) {


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-18 16:29 UTC] egan at sevenkings dot net
Sorry, left in an extra paren.  The fix should be:

+	if ((strcmp(basedir, ".") == 0) && 
 [2001-05-23 02:36 UTC]
patch applied.


PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Oct 28 05:03:34 2021 UTC