php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26310 open_basedir error in a dir
Submitted: 2003-11-19 03:31 UTC Modified: 2005-01-31 23:32 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: coder at paco dot net Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.3.4 OS: Solaris 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: coder at paco dot net
New email:
PHP Version: OS:

 

 [2003-11-19 03:31 UTC] coder at paco dot net
Description:
------------
Strange problem with PHP 4.3.4 on Solaris

phpinfo() you can see here http://coder.paco.net/phpinfo.php
test scripts here:
http://coder.paco.net/test/err.php
http://coder.paco.net/err.php

when i try to open file (file('filename.ext')) from root dir everythig fine, but when from dir "/test" open_basedir restriction error appears.
With full path to file all ok, with ./ path also ok.

Config line: './configure' '--with-apache=../apache_1.3.27rusPL30.17' '--with-mod_charset' '--with-gd=/usr/local' '--with-mysql=/usr/local/mysql' '--with-dbase' '--enable-track-vars' '--enable-memory-limit' '--with-db3=/usr/local/BerkeleyDB.3.3' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-freetype-dir=/usr/local' '--with-zlib-dir=/usr/local' '--with-dom=/usr/local' '--with-iconv=/usr/local' '--with-mnogosearch=/usr/local/mnogo'

PHP-ini: 
open_basedir	/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./
include_path	.:..:/usr/local/lib/php
safe_mode	Off

Reproduce code:
---------------
$file = file("/www/udocs/coder/public_html/test/read.php");
$file = file("read.php"); //error string
$file = file("./read.php");



Expected result:
----------------
I expect all files opened.

Actual result:
--------------
file('/www/udocs/coder/public_html/test/read.php'); open file from curren dir with full path
Array ( [0] => file in "test" dir )

file('read.php'); open file from curren dir

Warning: file(): open_basedir restriction in effect. File(read.php) is not within the allowed path(s): (/opt/www/docs:/opt/www/udocs:/opt/www/virtual:/var/tmp/phpupload:/export/home:../:./) in /opt/www/udocs/coder/public_html/test/err.php on line 8

Warning: file(read.php): failed to open stream: Not owner in /opt/www/udocs/coder/public_html/test/err.php on line 8

--

-- $file = file('./read.php'); open file from current dir as ./
Array ( [0] => file in "test" dir ) 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-19 18:36 UTC] sniper@php.net
sorry, but this is propably the dumbest way to use open_basedir..allowing ./ is pretty much same as not setting open_basedir at all:

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;open_basedir =

 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Wed Nov 21 19:01:27 2018 UTC