PHP :: Request #34663 :: Patch to get around apache not expanding %0 when passed open

Patch to get around apache not expanding %0 when passed open_basedir in vhost

Submitted:

2005-09-27 20:22 UTC

Modified:

2017-01-29 04:22 UTC

Votes:	11
Avg. Score:	4.7 ± 0.6
Reproduced:	10 of 10 (100.0%)
Same Version:	3 (30.0%)
Same OS:	1 (10.0%)

From:

php-bugs at antispam dot nerds dot org dot uk

Assigned:

Status:

No Feedback

Package:

*General Issues

PHP Version:

5.0.5

OS:

FreeBSD

Private report:

CVE-ID:

None

View Developer Edit

[2005-09-27 20:22 UTC] php-bugs at antispam dot nerds dot org dot uk

Description:
------------
There are often cases where apache users with php5 installed will want to use dynamic vhosts (not least because it's in the apache docs), which leads to something like this:

<VirtualHost 82.70.196.65:80>
    VirtualDocumentRoot /data/www/%0
    ServerName %0
    php_admin_value open_basedir %0
</VirtualHost>

Unfortunately apache is naughty and doesn't expand the %0 on the php_admin_value line, which means that restricting the directories that php has access to is a pain!

This I know is an apache problem, rather than a php one, however I found a patch on a forum (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) that gets around this nicely, and I just tweaked it to work in php5 (I'm not trying to claim any credit away from the original author, I just like the feature!).  I figured this was posted a long time ago, if he was going to submit it - he would have by now.

Basically it just adds a keyword of VIRTUAL_DOCUMENT_ROOT, which has essentially the same end result, as it causes the fopen wrapper to expand it to the VirtualDocumentRoot.

Patch included at the "Reproduce Code"

Reproduce code:
---------------
--- main/fopen_wrappers.c.orig  Sun Sep 25 22:25:20 2005
+++ main/fopen_wrappers.c       Sun Sep 25 22:28:40 2005
@@ -95,8 +95,18 @@
        char resolved_name[MAXPATHLEN];
        char resolved_basedir[MAXPATHLEN];
        char local_open_basedir[MAXPATHLEN];
+       char *local_open_basedir_sub; /* Substring pointer for strstr */
        int resolved_basedir_len;
        int resolved_name_len;
+
+       if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) &&
+               SG(request_info).path_translated && *SG(request_info).path_translated  ) {
+
+               strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir));
+               local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+               /* Now insert null to break apart the string */
+               if (local_open_basedir_sub) *local_open_basedir_sub = '\0';
+       } else

        /* Special case basedir==".": Use script-directory */
        if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-01-20 20:41 UTC] heiglandreas@php.net

-Status: Open +Status: Feedback -Package: Feature/Change Request +Package: *General Issues

[2017-01-20 20:41 UTC] heiglandreas@php.net

Is this still relevant?

[2017-01-29 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 03:00:02 2025 UTC