|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patchesphp.ini (last revision 2012-01-31 02:17 UTC by webmasterick dot rl at hotmail dot com)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
[2010-11-18 23:30 UTC] jani@php.net
-Status: Open
+Status: Closed
-Package: Feature/Change Request
+Package: *General Issues
-Assigned To:
+Assigned To: jani
[2010-11-18 23:30 UTC] jani@php.net
[2010-11-18 23:30 UTC] jani@php.net
-Package: *General Issues
+Package: Safe Mode/open_basedir
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Jan 02 20:01:30 2025 UTC |
Description: ------------ Could someone find a way so that files (i.e., .htaccess, .httpd) could be block from opening by a user and that open_basedir can be set on a per-directory while still enforceing the open_basedir set in .httpd or php.ini. Reproduce code: --------------- php.ini: open_basedir = "/usr/home/public_html/" deny_open_files = ".htaccess,.httpd" .htaccess (#1): php_flag open_basedir = "/usr/home/public_html/some/dir/" .htaccess (#2): php_flag open_basedir = "/" script1.php: <?php $fp=fopen("text.txt", "w"); fwrite($fp, "nice text"); fclose($fp); echo "file writing done"; ?> script2.php: <?php $fp=fopen(".htaccess", "w"); fwrite($fp, "evil code"); fclose($fp); echo "evil done"; ?> Expected result: ---------------- .htaccess (#1) will work while, .htaccess (#2) will not. and script1.php will return: file writing done and script2.php will return: Error: fopen(): You are not allowed to open that file for security resons.