|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14396 open_basedir check in nested include does not allow subdirs
Submitted: 2001-12-09 21:52 UTC Modified: 2005-01-31 23:06 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: matthias-php at kopolt dot com Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.0.6 OS: linux / redhat 7.1
Private report: No CVE-ID: None
 [2001-12-09 21:52 UTC] matthias-php at kopolt dot com
with enabled safe-mode and open_basedir restriction it is not possible to execute a include/require/... function in a included file that tries to include a file that is in a subdirectory of the initially executed script.

WORKAROUND: Placing all included files into the same directory works fine, but is quite a bunch of work and not always suitable when adapting supplied software and scripts, e.g. running phpNuke in this environement.


in documentroot: file test.php:
require_once ('test/1.php');
require_once ('test/2.php');
require_once ('test/3.php');

in the subdir test:
1.php:   <?php include ('3.php'); ?>
2.php:   foo_2
3.php:   foo_3

Warning: open_basedir restriction in effect. File is in wrong directory in /home/sites/x/www/test/1.php on line 1

Apache's httpd.conf sets this param:
php_admin_value open_basedir /home/sites/x

open_basedir is tested and working fine, except those nested includes. 

thanks for checking


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 21:34 UTC]
The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 20 16:01:29 2024 UTC