php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14396 open_basedir check in nested include does not allow subdirs
Submitted: 2001-12-09 21:52 UTC Modified: 2005-01-31 23:06 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: matthias-php at kopolt dot com Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.0.6 OS: linux / redhat 7.1
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: matthias-php at kopolt dot com
New email:
PHP Version: OS:

 

 [2001-12-09 21:52 UTC] matthias-php at kopolt dot com
with enabled safe-mode and open_basedir restriction it is not possible to execute a include/require/... function in a included file that tries to include a file that is in a subdirectory of the initially executed script.

WORKAROUND: Placing all included files into the same directory works fine, but is quite a bunch of work and not always suitable when adapting supplied software and scripts, e.g. running phpNuke in this environement.


example:

in documentroot: file test.php:
<?php
require_once ('test/1.php');
require_once ('test/2.php');
require_once ('test/3.php');
?>

in the subdir test:
1.php:   <?php include ('3.php'); ?>
2.php:   foo_2
3.php:   foo_3

error:
Warning: open_basedir restriction in effect. File is in wrong directory in /home/sites/x/www/test/1.php on line 1

Apache's httpd.conf sets this param:
php_admin_value open_basedir /home/sites/x

open_basedir is tested and working fine, except those nested includes. 


thanks for checking
mk

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 21:34 UTC] yohgaki@php.net
The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available
from http://www.php.net/downloads.php

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 19:01:30 2019 UTC