PHP :: Bug #26310 :: open_basedir error in a dir

Bug #26310

open_basedir error in a dir

Submitted:

2003-11-19 03:31 UTC

Modified:

2005-01-31 23:32 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

coder at paco dot net

Assigned:

Status:

Not a bug

Package:

Safe Mode/open_basedir

PHP Version:

4.3.4

OS:

Solaris 8

Private report:

CVE-ID:

None

View Developer Edit

[2003-11-19 03:31 UTC] coder at paco dot net

Description:
------------
Strange problem with PHP 4.3.4 on Solaris

phpinfo() you can see here http://coder.paco.net/phpinfo.php
test scripts here:
http://coder.paco.net/test/err.php
http://coder.paco.net/err.php

when i try to open file (file('filename.ext')) from root dir everythig fine, but when from dir "/test" open_basedir restriction error appears.
With full path to file all ok, with ./ path also ok.

Config line: './configure' '--with-apache=../apache_1.3.27rusPL30.17' '--with-mod_charset' '--with-gd=/usr/local' '--with-mysql=/usr/local/mysql' '--with-dbase' '--enable-track-vars' '--enable-memory-limit' '--with-db3=/usr/local/BerkeleyDB.3.3' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-freetype-dir=/usr/local' '--with-zlib-dir=/usr/local' '--with-dom=/usr/local' '--with-iconv=/usr/local' '--with-mnogosearch=/usr/local/mnogo'

PHP-ini: 
open_basedir	/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./
include_path	.:..:/usr/local/lib/php
safe_mode	Off

Reproduce code:
---------------
$file = file("/www/udocs/coder/public_html/test/read.php");
$file = file("read.php"); //error string
$file = file("./read.php");



Expected result:
----------------
I expect all files opened.

Actual result:
--------------
file('/www/udocs/coder/public_html/test/read.php'); open file from curren dir with full path
Array ( [0] => file in "test" dir )

file('read.php'); open file from curren dir

Warning: file(): open_basedir restriction in effect. File(read.php) is not within the allowed path(s): (/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./) in /opt/www/udocs/coder/public_html/test/err.php on line 8

Warning: file(read.php): failed to open stream: Not owner in /opt/www/udocs/coder/public_html/test/err.php on line 8

--

-- $file = file('./read.php'); open file from current dir as ./
Array ( [0] => file in "test" dir )

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-11-19 18:36 UTC] sniper@php.net

sorry, but this is propably the dumbest way to use open_basedir..allowing ./ is pretty much same as not setting open_basedir at all:

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;open_basedir =

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Mar 23 20:01:29 2025 UTC