|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2002-11-08 12:03 UTC] sniper@php.net
[2004-06-29 21:59 UTC] ryan at sinn dot org
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 25 00:01:41 2024 UTC |
Some basic data in advance: All our servers run PHP 4.2.3 / Apache 1.3.27 / Solaris 7 Despite the fact that since 4.2.3 (at least that's when we discovered it) an empty open_basedir (according to the manual access should not be restricted at all that way) will randomly (maybe 5% of all requests) lead to "open_basedir restriction in effect in line 0" meaning that the script itself failed to open we discovered another strange effect of open_basedir: There are 2 virtual hosts: 1 parsing .php and 1 parsing .html for php-code. Both their open_basedir is set to the corresponding webserver-root plus the additional directories "/tmp" and "/var/tmp". On the first one (parsing .html) include("./test.txt") or even include("test.txt") will not work (open_basedir restriction) unless we add e.g. "te" to the open_basedir (adding "." does not work). In contrast absolute paths do work fine. On the second server all sorts of includes (from current directory, from parent directory, from root) work as supposed and will not fail unless they try to bypass the open_basedir. As far as we've looked the issue up the only real difference between the 2 virtual hosts is that one parses for .html and has it's own user running the server and the other is parsing for .php and is using the standard-user (www). Thanks in advance for any help or hints... Matthias Fleischer