|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-03-30 14:11 UTC] Bjorn dot Wiberg at its dot uu dot se
Description: ------------ As noted in other bug reports (PHP bug #24185), and the documentation (http://www.php.net/manual/en/function.getcwd.php), getcwd() may fail if some directory along a path doesn't have list (r) permissions, but only access (x) permissions. In acinclude.m4, the check for broken getcwd() checks the OS string to determine whether HAVE_BROKEN_GETCWD should be set or not. Currently, this check only detects (and sets HAVE_BROKEN_GETCWD) if the OS is "SunOS". This should probably be changed to include "AIX", too: root@spinus:/# uname -sr AIX 2 ...as the problem seems to be present on AIX. Reproduce code: --------------- <?php $handle = fopen("./a.txt", "w", false); if ( $handle ) { fputs($handle, "testtext"); fclose($handle); } ?> Expected result: ---------------- No error message, file gets created. Actual result: -------------- Because fopen() + open_basedir seems to rely on getcwd() to check the path to the file, we get the following error: Warning: fopen(): open_basedir restriction in effect. File(./a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 3 Warning: fopen(./a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 3 PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 04:01:28 2024 UTC |
Hi again! (Thanks for fixing the mpm_common crash, that problem is gone now.) All the following with #define HAVE_BROKEN_GETCWD 1 in main/php_config.h, and the following code (tests 1-4): <?php print getcwd() . "<BR>"; $handle = fopen("a.txt", "w", false); if ( $handle != FALSE ) { fputs($handle, "testtext"); fclose($handle); } ?> ..and, respectively (tests 5-8): <?php print getcwd() . "<BR>"; $handle = fopen("./a.txt", "w", false); if ( $handle != FALSE ) { fputs($handle, "testtext"); fclose($handle); } ?> 1. No existing "a.txt" file in the destination directory. With the "read" flag missing to the "test" directory along the path, and write permissions to the destination directory: Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 No file gets created. getcwd() fails. 2. No existing "a.txt" file in the destination directory. Having both read and execute flags along the path, and write permissions to the destination directory: /apache/htdocs/bwiberg/test/safemode Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 No file gets created. But getcwd() correctly returns " /apache/htdocs/bwiberg/test/safemode". 3. No existing "a.txt" file in the destination directory. Trying with "./a.txt" instead, a missing "read" flag to the "test" directory along the path, and write permissions to the destination directory: No error message. The a.txt file gets correctly created, but getcwd() fails. 4. No existing "a.txt" file in the destination directory. Trying with "./a.txt", both "read" and "execute" flags along the path, and write permissions to the destination directory: No error message. The file gets correctly created, and getcwd() returns "/apache/htdocs/bwiberg/test/safemode". 5. Existing "a.txt" file in the destination directory. With the "read" flag missing to the "test" directory along the path, and write permissions to the destination directory: Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 File does not get overwritten. getcwd() fails. 6. Existing "a.txt" file in the destination directory. Having both read and execute flags along the path, and write permissions to the destination directory: No error message. File gets overwritten correctly. getcwd() returns "/apache/htdocs/bwiberg/test/safemode". 7. Existing "a.txt" file in the destination directory. Trying with "./a.txt" instead, a missing "read" flag to the "test" directory along the path, and write permissions to the destination directory: No error message. File gets overwritten correctly, but getcwd() fails. 8. Existing "a.txt" file in the destination directory. Trying with "./a.txt", both "read" and "execute" flags along the path, and write permissions to the destination directory: No error message. File gets overwritten correctly. getcwd() returns "/apache/htdocs/bwiberg/test/safemode". From a getcwd() perspective (the scope of this particular bug report), tests number 1, 2, 3, 5 and 7 fail although they perhaps shouldn't. So, it appears that HAVE_BROKEN_GETCWD does not solve the "problems" on AIX (with the current code for HAVE_BROKEN_GETCWD). Hence, the proposed change to acinclude.m4 is currently not needed. Any ideas on how to go from here? Or should we accept that getcwd() should fail under these circumstances? Thanks in advance! Best regards, Bj?rn