php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27652 bad include_path
Submitted: 2004-03-19 05:35 UTC Modified: 2004-03-19 06:22 UTC
From: karasek at ceskyserver dot cz Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.3.4 OS: Linux 2.4.21
Private report: No CVE-ID: None
 [2004-03-19 05:35 UTC] karasek at ceskyserver dot cz
Description:
------------
Hi, I saw this problem on 4.3.3, but I haven't see it in change-log of 4.3.4, so, I'm reporting it.

I have several virtualhosts. One of my virtual host have  include_path changed in .httacces.

Sometimes (not often) another virtualhost uses this include_path. The frequency is about once per 100 requests...

I have just installed 4.3.4, so, I'll be watching my logs...

I'm using these modules of Apache:
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_suexec.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_alias.c
  mod_so.c

If you think, I can help, contact me, please.

Regards
   Antonin Karasek

Reproduce code:
---------------
include("directory/file.php");

Actual result:
--------------
[client x.x.x.x] PHP Warning:  main(includes/bottom.php): failed to open stream: Operation not permitted in /path/to/the/script.php on line 122, referer: http://url.cz/legenda.php

[client x.x.x.x] PHP Warning:  main(): Failed opening 'includes/bottom.php' for inclusion (include_path='of another virtualhost from .htaccess') in /path/to/the/script.php on line 122, referer: http://url.cz/legenda.php


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-19 06:22 UTC] derick@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 08 07:03:33 2021 UTC