php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14396 open_basedir check in nested include does not allow subdirs
Submitted: 2001-12-09 21:52 UTC Modified: 2005-01-31 23:06 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: matthias-php at kopolt dot com Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.0.6 OS: linux / redhat 7.1
Private report: No CVE-ID: None
 [2001-12-09 21:52 UTC] matthias-php at kopolt dot com
with enabled safe-mode and open_basedir restriction it is not possible to execute a include/require/... function in a included file that tries to include a file that is in a subdirectory of the initially executed script.

WORKAROUND: Placing all included files into the same directory works fine, but is quite a bunch of work and not always suitable when adapting supplied software and scripts, e.g. running phpNuke in this environement.


example:

in documentroot: file test.php:
<?php
require_once ('test/1.php');
require_once ('test/2.php');
require_once ('test/3.php');
?>

in the subdir test:
1.php:   <?php include ('3.php'); ?>
2.php:   foo_2
3.php:   foo_3

error:
Warning: open_basedir restriction in effect. File is in wrong directory in /home/sites/x/www/test/1.php on line 1

Apache's httpd.conf sets this param:
php_admin_value open_basedir /home/sites/x

open_basedir is tested and working fine, except those nested includes. 


thanks for checking
mk

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 21:34 UTC] yohgaki@php.net
The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available
from http://www.php.net/downloads.php

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Jul 19 22:01:26 2019 UTC