Bug #31514 . in open_basedir always translates SG(path_translated) rather than CWDG(cwd)
Submitted: 2005-01-12 13:42 UTC
Modified: 2005-02-03 00:44 UTC
From: kameshj at fastmail dot fm
Assigned:
Status: Closed
Package: Safe Mode/open_basedir
PHP Version: 4.3.10, 5.0.3
OS: *
Private report: No
CVE-ID:
 [2005-01-12 13:42 UTC] kameshj at fastmail dot fm
Description:
------------
Keep the following subapp/main.php and lib/reuse.php in a directory under DocumentRoot.
Access http://your_web_server/subapp/main.php

Analysis
---------------
In php-src/main/fopen_wrappers.c, the php_check_specific_open_basedir function has code like this at the top:
	if ((strcmp(basedir, ".") == 0) && 
		SG(request_info).path_translated &&
		*SG(request_info).path_translated
Which I feel to be 
	if ((strcmp(basedir, ".") == 0) && 
		SG(request_info).path_translated &&
		*SG(request_info).path_translated
This should have been just,
	if (strcmp(basedir, ".") == 0)
local_open_basedir needs to have been copied from CWDG(cwd).

The patch against php-5.1 head is available at
http://puggy.symonds.net/~kameshj/fopen_wrappers.c.patch

Reproduce code:
---------------
subapp/main.php
------------------
<?php
	chdir("..");
	echo __FILE__;
	echo "\n<br>\n";
	include("./lib/reuse.php");
?>
lib/reuse.php
------------------
<?php
	echo __FILE__;
	echo "\n<br>";
?>


Expected result:
----------------
Absolute_path_of_your_document_root/subapp/main.php
<br>
Absolute_path_of_your_document_root/lib/reuse.php
<br>

Actual result:
--------------
Absolute_path_of_your_document_root/subapp/main.php
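
The difference between the two ways of resolving open_basedir "." that the report contrasts, as an added example (a simplified model written for this page, not PHP's source and not the reporter's patch). The function names and the /docroot paths are constructed for illustration, and target paths are assumed to be already resolved to absolute form:

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not PHP source: is an already-resolved absolute path
 * inside base, compared on a path-component boundary? */
static int under_basedir(const char *base, const char *path)
{
    size_t n = strlen(base);
    while (n > 1 && base[n - 1] == '/') n--;        /* drop trailing slashes */
    if (n == 1 && base[0] == '/') return path[0] == '/';
    if (strncmp(base, path, n) != 0) return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* "/docroot/subapp/main.php" -> "/docroot/subapp" */
static void script_dir(const char *script, char *out, size_t outlen)
{
    char *slash;
    snprintf(out, outlen, "%s", script);
    slash = strrchr(out, '/');
    if (slash == out) out[1] = '\0';                 /* script sits in "/" */
    else if (slash) *slash = '\0';
}

/* Reported behaviour: "." resolves to the directory of path_translated. */
int allowed_script_based(const char *script, const char *cwd, const char *target)
{
    char base[1024];
    (void)cwd;
    script_dir(script, base, sizeof base);
    return under_basedir(base, target);
}

/* Proposed behaviour: "." resolves to the current working directory. */
int allowed_cwd_based(const char *script, const char *cwd, const char *target)
{
    (void)script;
    return under_basedir(cwd, target);
}

int main(void)
{
    const char *script = "/docroot/subapp/main.php"; /* constructed paths */
    const char *cwd    = "/docroot";                 /* after chdir("..") */
    const char *target = "/docroot/lib/reuse.php";   /* ./lib/reuse.php   */
    printf("script-based: %d\n", allowed_script_based(script, cwd, target));
    printf("cwd-based:    %d\n", allowed_cwd_based(script, cwd, target));
    return 0;
}
```

With the working directory as the base, the permitted tree follows every chdir() the script makes, so a deployment that relies on "." for confinement should account for that.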


 [2005-02-03 00:44 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Fri Apr 18 13:02:15 2014 UTC