PHP :: Bug #14396 :: open_basedir check in nested include does not allow subdirs

Bug #14396

open_basedir check in nested include does not allow subdirs

Submitted:

2001-12-09 21:52 UTC

Modified:

2005-01-31 23:06 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

matthias-php at kopolt dot com

Assigned:

Status:

Not a bug

Package:

Safe Mode/open_basedir

PHP Version:

4.0.6

OS:

linux / redhat 7.1

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	matthias-php at kopolt dot com
New email:
PHP Version:		OS:

New Comment:

[2001-12-09 21:52 UTC] matthias-php at kopolt dot com

with enabled safe-mode and open_basedir restriction it is not possible to execute a include/require/... function in a included file that tries to include a file that is in a subdirectory of the initially executed script.

WORKAROUND: Placing all included files into the same directory works fine, but is quite a bunch of work and not always suitable when adapting supplied software and scripts, e.g. running phpNuke in this environement.


example:

in documentroot: file test.php:
<?php
require_once ('test/1.php');
require_once ('test/2.php');
require_once ('test/3.php');
?>

in the subdir test:
1.php:   <?php include ('3.php'); ?>
2.php:   foo_2
3.php:   foo_3

error:
Warning: open_basedir restriction in effect. File is in wrong directory in /home/sites/x/www/test/1.php on line 1

Apache's httpd.conf sets this param:
php_admin_value open_basedir /home/sites/x

open_basedir is tested and working fine, except those nested includes. 


thanks for checking
mk

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-26 21:34 UTC] yohgaki@php.net

The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available
from http://www.php.net/downloads.php

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 15:01:30 2024 UTC