|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26310 open_basedir error in a dir
Submitted: 2003-11-19 03:31 UTC Modified: 2005-01-31 23:32 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: coder at paco dot net Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.3.4 OS: Solaris 8
Private report: No CVE-ID: None
 [2003-11-19 03:31 UTC] coder at paco dot net
Strange problem with PHP 4.3.4 on Solaris

phpinfo() you can see here
test scripts here:

when i try to open file (file('filename.ext')) from root dir everythig fine, but when from dir "/test" open_basedir restriction error appears.
With full path to file all ok, with ./ path also ok.

Config line: './configure' '--with-apache=../apache_1.3.27rusPL30.17' '--with-mod_charset' '--with-gd=/usr/local' '--with-mysql=/usr/local/mysql' '--with-dbase' '--enable-track-vars' '--enable-memory-limit' '--with-db3=/usr/local/BerkeleyDB.3.3' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-freetype-dir=/usr/local' '--with-zlib-dir=/usr/local' '--with-dom=/usr/local' '--with-iconv=/usr/local' '--with-mnogosearch=/usr/local/mnogo'

open_basedir	/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./
include_path	.:..:/usr/local/lib/php
safe_mode	Off

Reproduce code:
$file = file("/www/udocs/coder/public_html/test/read.php");
$file = file("read.php"); //error string
$file = file("./read.php");

Expected result:
I expect all files opened.

Actual result:
file('/www/udocs/coder/public_html/test/read.php'); open file from curren dir with full path
Array ( [0] => file in "test" dir )

file('read.php'); open file from curren dir

Warning: file(): open_basedir restriction in effect. File(read.php) is not within the allowed path(s): (/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./) in /opt/www/udocs/coder/public_html/test/err.php on line 8

Warning: file(read.php): failed to open stream: Not owner in /opt/www/udocs/coder/public_html/test/err.php on line 8


-- $file = file('./read.php'); open file from current dir as ./
Array ( [0] => file in "test" dir ) 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-19 18:36 UTC]
sorry, but this is propably the dumbest way to use open_basedir..allowing ./ is pretty much same as not setting open_basedir at all:

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;open_basedir =

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Apr 15 18:01:29 2024 UTC