Bug #18823 open_basedir not working for include() or readfile()
Submitted: 2002-08-09 00:01 UTC
Modified: 2005-01-31 22:40 UTC
Votes: 2
Avg. Score: 3.5 ± 0.5
Reproduced: 1 of 2 (50.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: matt at haught dot com
Assigned:
Status: Closed
Package: Safe Mode/open_basedir
PHP Version: 4.2.2
OS: FreeBSD-4.4-RELEASE
Private report: No
CVE-ID: None
 [2002-08-09 00:01 UTC] matt at haught dot com
I am using an Aug 6th cvs build of php4 on apache-1.3.26. I have chrooted apache and I also wanted to use open_basedir to help improve security between users. My open_basedir is set to "/www/admin/:/www/global.include/", and to test open_basedir I created /www/admin/basedir.php which contains:
<?php
// Both targets are outside the configured open_basedir.
echo 'Include test<br>';
include("/etc/resolv.conf");
echo '<br><br>Readfile test <br>';
// readfile() prints the file itself; echo then prints its return value (the byte count).
echo readfile("/etc/resolv.conf");
?>
The result is the printing of my nameservers from outside the open_basedir. I do however get an open_basedir warning for trying to open outside files using fopen/fread and also readdir, but not with include(), include_once(), or readfile().

 [2002-08-26 22:26 UTC] matt at haught dot com
This was fixed in cvs; main/streams.c 1.73 by wez.
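
A regression check for the behaviour reported in this bug, as an added example that is not part of the report or of PHP's own test suite: it tightens open_basedir at run time and confirms that each call named in the report is refused for a file outside the allowed directory. Assumptions: PHP 5.4 or later on the CLI, a Unix-like host, the system temp directory as the allowed path, and a readable /etc/resolv.conf (the report's own test file) as the outside target.

```php
<?php
// Added example: verify open_basedir is enforced for every file-access
// call the report names. Paths below are assumptions, not the reporter's.
$outside = '/etc/resolv.conf';                      // file outside the allowed path
$allowed = rtrim(sys_get_temp_dir(), '/') . '/';    // trailing slash: this directory only

if (!is_readable($outside)) {
    fwrite(STDERR, "$outside is not readable; choose another file outside $allowed\n");
    exit(2);
}
// ini_set() returns false on failure (for example, when the new value is looser).
if (ini_set('open_basedir', $allowed) === false) {
    fwrite(STDERR, "could not tighten open_basedir to $allowed\n");
    exit(2);
}

// Collect warnings so each probe can confirm the restriction really fired.
$warnings = [];
set_error_handler(function ($errno, $message) use (&$warnings) {
    $warnings[] = $message;
    return true;                                    // suppress default output
});

$probes = [
    'include'      => function ($p) { return include $p; },
    'include_once' => function ($p) { return include_once $p; },
    'readfile'     => function ($p) { return readfile($p); },
    'fopen'        => function ($p) { return fopen($p, 'r'); },
    'opendir'      => function ($p) { return opendir(dirname($p)); },
];

$failed = 0;
foreach ($probes as $name => $probe) {
    $warnings = [];
    ob_start();                                     // capture any file content that leaks
    $result = $probe($outside);
    $leaked = ob_get_clean();
    $fired  = (bool) preg_grep('/open_basedir restriction in effect/', $warnings);
    // Pass only if the call failed, printed nothing, and raised the warning.
    $ok = ($result === false && $leaked === '' && $fired);
    printf("%-13s %s\n", $name, $ok ? 'blocked' : 'NOT BLOCKED');
    $failed += $ok ? 0 : 1;
}
exit($failed === 0 ? 0 : 1);
```

The script exits non-zero if any call reads outside the allowed path, so it can run as a check after a PHP upgrade or configuration change.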
Last updated: Wed Apr 08 06:01:25 2020 UTC