|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[1999-06-20 21:00 UTC] jim at cvs dot php dot net
[2022-04-19 12:13 UTC] git@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 27 14:01:30 2024 UTC |
Problem: Running Apache 1.3.6 with php module compiled in, safe mode is enabled (httpd.conf contains line: php3_safe_mode On). The .php3 file reads thus (plus some HTML lines): <?php echo touch("/home/users/myid/testfiles/junk.txt"); ?> When executed via Apache php3 module, the above script prints "1" and CREATES the file junk.txt. Apache is running as userid "myid" but the script belongs to another login. Attempts to use functions such as "file()" correctly (as I understand the documentation of safe mode) report: === Warning: SAFE MODE Restriction in effect. The script whose uid is 7921 is not allowed to access /home/users/myid/testfiles/files.txt owned by uid 7917 in /home/users/otherid/public_html/php/test.php3 on line 9 === when the script is: <?php $file = file("/home/users/myid/testfiles/files.txt"); for ($i = 1; $i <= count($file); $i++) { echo $file[$i]; } ?> I understood that all file i/o functions in safe mode disallowed access to files other than those owned by the same login as the script being executed. The touch() function appears to disobey this rule.