Bug #32503 fopen() in cwd: filename must start with ./ under safe mode
Submitted: 2005-03-30 14:37 UTC Modified: 2007-01-10 22:54 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: Bjorn dot Wiberg at its dot uu dot se Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5.1.2 OS: IBM AIX 5.2.0.0 ML5
Private report: No CVE-ID: None
 [2005-03-30 14:37 UTC] Bjorn dot Wiberg at its dot uu dot se
Description:
------------
Under safe mode, if one tries to create a new file with fopen(), specifying a filename without any path part in it (such as "./a.txt" or "/apache/htdocs/bwiberg/test/safemode/a.txt"), fopen() fails, claiming that the file cannot be found.


If the file already exists, everything works just fine.

If you specify a path part ahead of the filename, everything works just fine.

If you give fopen() "true" as a third argument, and make sure that your include_path includes "." as its FIRST path (if you have several directories in it), everything works just fine. (Perhaps the restriction of only trying the FIRST path should be mentioned in the docs as well.)


I'm not sure if this problem is related to the earlier discussions of php_realpath_hack (that fix should be present as "_AIX" is set by gcc under AIX), but it sure poses a problem for scripts which rely on being able to create a file in the current directory without specifying any path.

Another question is why $handle in the example script isn't set to FALSE if the open failed -- instead the error propagates to the fputs() part.

I'd appreciate any input regarding this. Thanks in advance!

Best regards,
Björn

Reproduce code:
---------------
<?php 

  print getcwd() . "<BR>";

  $handle = fopen("a.txt", "w", false);
  if ( $handle != FALSE ) {
    fputs($handle, "testtext");
    fclose($handle);
  }

?>


Expected result:
----------------
/apache/htdocs/bwiberg/test/safemode

(File a.txt gets created in current directory.)

Actual result:
--------------
/apache/htdocs/bwiberg/test/safemode
Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

 [2005-04-01 16:32 UTC] Bjorn dot Wiberg at its dot uu dot se
Tried php5-200503310630 (5.1.0-dev), but the problem is still present:

/apache/htdocs/bwiberg/test/safemode
Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

(Whereas "./a.txt" works just fine.)

Best regards,
Björn
 [2005-04-04 17:11 UTC] tony2001@php.net
Right, this is somehow concerned with broken realpath() on AIX.
The problem is that we end up with relative path in php_checkuid_ex() function and it fails to check permissions for the directory.
Of course, the easiest solution is to use absolute paths everywhere.
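
The absolute-path workaround mentioned above, as an added example that is not part of the bug report or of PHP's source. The helper name absolute_path_for_create() and its allowed-base parameter are hypothetical; it resolves the parent directory because realpath() fails for a file that does not exist yet, which is the case this report is about.

```php
<?php
// Added example; absolute_path_for_create() is a hypothetical helper,
// not PHP's internal safe-mode or open_basedir logic.
function absolute_path_for_create(string $name, string $allowedBase): string
{
    // realpath() returns false for a file that does not exist yet, so
    // resolve the parent directory and append the base name instead.
    // A bare name such as "a.txt" has dirname() ".", i.e. the cwd.
    $realDir = realpath(dirname($name));
    if ($realDir === false) {
        throw new RuntimeException("Directory not accessible for: $name");
    }
    $realBase = realpath($allowedBase);
    if ($realBase === false) {
        throw new RuntimeException("Base not accessible: $allowedBase");
    }
    // Compare resolved paths with a trailing separator so that
    // /srv/app-old is not accepted as being inside /srv/app.
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($realDir . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("Refusing to create a file outside $realBase");
    }
    return $realDir . DIRECTORY_SEPARATOR . basename($name);
}

// Constructed demo in a scratch directory so the run is self-contained.
$work = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bug32503_' . getmypid();
mkdir($work);
chdir($work);

$path = absolute_path_for_create('a.txt', $work);   // bare name, file absent
$handle = fopen($path, 'w');
if ($handle !== false) {
    fputs($handle, "testtext");
    fclose($handle);
}
echo "created: $path", PHP_EOL;

try {
    absolute_path_for_create('../a.txt', $work);     // parent of the base
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
unlink($path);
chdir(sys_get_temp_dir());
rmdir($work);
```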

 [2005-04-05 09:28 UTC] Bjorn dot Wiberg at its dot uu dot se
Hi Tony!

Thank you for your feedback!

I'm afraid that absolute paths aren't a very viable solution to this, as that probably would break too many scripts, expecting it to be possible to "just" save a file to the current directory.

Is the "PHP realpath hack" supposed to handle these kinds of problems on AIX?

Please let me know if I can help in any way!

Best regards,
Björn
 [2005-05-09 14:15 UTC] Bjorn dot Wiberg at its dot uu dot se
Hi again!

I just tried the #define HAVE_BROKEN_GETCWD 1 trick from http://bugs.php.net/bug.php?id=32501, with PHP 5.0.4 (the "fixed" version) but that didn't help in this regard. I thought I would mention this.

Best regards,
Björn
 [2005-07-05 10:21 UTC] Bjorn dot Wiberg at its dot uu dot se
(Thanks for fixing the mpm_common crash, that problem is gone now.)

With #define HAVE_BROKEN_GETCWD 1 in php_config.h, and having made sure that the path up to the directory where the file is to be created has sufficient permissions, I still get the same error:

/apache/htdocs/bwiberg/test/safemode
Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

Having the read (r) permission off for the "test" directory along the way:

Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

Best regards,
Björn
 [2005-12-19 17:46 UTC] Bjorn dot Wiberg at its dot uu dot se
Hi sniper!

Just wanted to tell you that for 5.1.1, the following holds:

If the path to the file is not listable (r flag) all the way, one gets the following message:

Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

The same error occurs until one makes sure that the path all the way to the file is listable (r flag).


Then, with the path all the way to the file listable (r flag), one gets, with "a.txt" and no existing file:

/apache/htdocs/bwiberg/test/safemode
Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5
Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

However, "./a.txt" and no existing file works fine.

With "a.txt" and the file already existing, things work just fine.

With "./a.txt" and the file already existing, things work just fine.

Would it be OK to wait for 5.1.2, or have things related to this actually changed in the latest snapshot?

(I just recompiled and installed 5.1.1, awaiting some possible input on or fixes to another bug, so I hope to recompile again sometime early next year.)

Wishing you a Merry Christmas and a Happy New Year, and for putting up with me and my AIX troubles. :-)

Best regards,
Björn
 [2006-01-26 16:52 UTC] Bjorn dot Wiberg at its dot uu dot se
Hi!

I just confirmed that the same things happen with PHP 5.1.2.

(Somehow my updating of this issue on January 16th seemed to have disappeared.)

Best regards,
Björn
 [2006-12-30 02:36 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2007-01-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-01-09 10:49 UTC] Bjorn dot Wiberg at its dot uu dot se
Confirmed that with php5.2-200701081330, creating "a.txt" and "./a.txt" now works fine as long as the full path all the way to the file has directory listing flags (x flags) set.

If the path is obstructed somewhere along the way, one gets:

Warning: fopen(a.txt): failed to open stream: Permission denied in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

...which is just fine.

As before, specifying the /full/path/to/the/file always works, without the need of directory listing flags along the way.

Thanks for fixing this!

Best regards,
Björn
 [2007-01-10 22:54 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-28 04:40 UTC] tata0590 at hotmail dot com
thank you so much
thank you very much
I've been searching for this solution for hourssssss..
you saved my life
 