|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13060 "allow_url_fopen = On" disables safe_mode UID check
Submitted: 2001-08-30 11:03 UTC Modified: 2001-10-20 19:48 UTC
From: admin at kontent dot de Assigned:
Status: Closed Package: *Configuration Issues
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: admin at kontent dot de
New email:
PHP Version: OS:


 [2001-08-30 11:03 UTC] admin at kontent dot de
When I turn off allow_url_fopen in php.ini the safe_mode UID check seems to be disabled. 

With "allow_url_fopen = on" an include("/etc/passwd") returns the following error:

"The script whose uid is 10000 is not allowed to access /etc/passwd owned by uid 0"

after I've changed the settings to "allow_url_fopen = off" the inclusion works fine, so there is no way to prevent customers from including external files and local system files.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-20 19:48 UTC]
Can not reproduce with PHP 4.1.0 RC1


PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 20:01:30 2024 UTC