php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17548 open_basedir affects HTTP POST operations for provided form-handling scripts
Submitted: 2002-05-31 17:45 UTC Modified: 2005-01-31 22:59 UTC
From: kdeugau at deepnet dot cx Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.1.2 OS: RedHat 7.0, current errata
Private report: No CVE-ID: None
 [2002-05-31 17:45 UTC] kdeugau at deepnet dot cx
I recently received a note from a customer regarding a problem getting one of the provided scripts working on a domain hosting server at work.  I looked into that problem, and fixed it- but in the process noted that the form mail and guestbook scripts I had written for the server were no longer functional.  Since the error message indicated some issue with the open_basedir option (set on a per-vhost basis via the Apache directive php_admin_value so as to not disrupt some internal services), I tried changing it for the test vhost set up on the system.

The two ways I could get the two scripts working were:

1) Remove the open_basedir restriction.  This is how the system was set up initially, but was soon restricted for security reasons.  This is not a practical long-term solution.
2) Move the scripts (the real filesystem location!) to a subdirectory of the directory containing all vhosts.  This is what I have active now, in order to keep 40-odd websites functioning.

I tried using a symlink in the test domain's webroot, but that failed as well.

I can understand this affecting include()/fopen() and similar "direct" access to files;  I don't understand why this affects HTTP POST operations.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-31 18:18 UTC] steffann@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


open_basedir does not look at the way files are opened. Your problem (probably) has nothing to do with the POST, but with the location of the script that is being executed.

We use open_basedir in the following way: Every user has access to his own directory, and every user has access to a shared-scripts directory. Configuration example:

php_admin_value open_basedir /var/www/www.example.com/:/var/www/shared/

You don\'t give enough information to help you any further. If you need more help, you\'ll have to give more information on your actual situation. What would be useful is:
- The Apache VirtualHost configuration
- The location of your scripts
- The contents of your php.ini

You can send this information to me personally if you want: steffann@php.net

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat May 25 21:01:27 2019 UTC