php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37476 is_readable(), file_exists() have problem with open_basedir
Submitted: 2006-05-17 13:11 UTC Modified: 2006-05-27 01:00 UTC
Votes:7
Avg. Score:4.0 ± 1.1
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:4 (57.1%)
From: info at wiredtek dot info Assigned:
Status: No Feedback Package: *Directory/Filesystem functions
PHP Version: 5.1.4 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
48 + 39 = ?
Subscribe to this entry?

 
 [2006-05-17 13:11 UTC] info at wiredtek dot info
Description:
------------
the function is_readable() and file_exists() report open_basedir restriction also on files that are inside the open_basedir, showing a warning on the screen, such as:

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css) is not within the allowed path(s): (/usr/share/php/:/var/www/ineluttabile.it/equilibrium/:/tmp/) in /var/www/ineluttabile.it/equilibrium/http-docs/cryolibs/core/core.common.php on line 582

the previous warning tell that file /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css is not into the open_basedir, but the dir: /var/www/ineluttabile.it/equilibrium/ is specified into the open_basedir statement, so the warning must not be showed.

Investigating more deeply i have noticed that the warning do not happen for 'all' the files involved with the function file_exists() or is_readable(), but only for that files that do not exists. Infact, checking /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css the file do not exists, and file_exists() return correctly a FALSE value, but the warning do not have any meaning (IMHO), maybe have a mean for the function is_readable(), but not for file_exists() and however, the file is inside the open_basedir restriction so it is a non sense warning.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-17 13:59 UTC] mike@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Seems to work fine.
 [2006-05-19 12:26 UTC] info at wiredtek dot info
i'm not able to test the 5.2cvs version because i'm using 
gentoo linux distro, so unless a working ebuild i'm not 
able to test it. However i'll try a manual installation
 [2006-05-19 12:29 UTC] tony2001@php.net
I don't thin you need an ebuild to build an app from sources.
Please try the snapshot.
 [2006-05-27 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-10-09 18:27 UTC] liquidpele at hotmail dot com
I also had an issue with this when going down a directory and then coming up a directory to a file that DID exist.

Error shown was this:

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(../form/application_submit.php) is not within the allowed path(s): (/var/www/vhosts/xxx.com/subdomains/dev/httpdocs:/tmp) in /var/www/vhosts/xxx.com/subdomains/dev/httpdocs/partners/form/form.php on line 24

The file application_submit.php did exist, but because the directory was going down and then back up into the same directory, file_exits incorrectly labeled it as not in the open_basedir list.
 [2008-10-20 20:58 UTC] ca dot ddy at gmx dot de
Having the same problem : 

[Mon Oct 20 22:30:01 2008] [error] [client xx.xx.xx.xx] PHP Warning:  is_readable(): open_basedir restriction in effect. File(/usr/share/php5/MDB2/Driver/Datatype/mysql.php) is not within the allowed path(s): (/srv/www/vhosts/xxxxxxxxx.xx/httpdocs:/tmp:/usr/share/php5/PEAR) in /usr/share/php5/PEAR/MDB2.php on line 927, referer: http://www.xxxxxxxxx.xx/login.php


vhosts.conf :

<Directory ~ "^/srv/www/vhosts/xxxxxxx.xx/*">
        <IfModule sapi_apache2.c>
                php_admin_flag safe_mode off
;                php_admin_value open_basedir "/srv/www/vhosts/xxxxxxxxx.xx/httpdocs:/tmp:/usr/share/php5/PEAR"
;                php_admin_value include_path ".:/usr/share/php5:/usr/share/php5/PEAR:/srv/www/vhosts/xxxxxxxxxxxxxx.xx/httpdocs"
        </IfModule>
        <IfModule mod_php5.c>
                php_admin_value open_basedir "/srv/www/vhosts/xxxxxxxxxxx.xx/httpdocs:/tmp:/usr/share/php5/PEAR"
                php_admin_flag safe_mode off
                php_admin_value include_path ".:/usr/share/php5:/usr/share/php5/PEAR:/srv/www/vhosts/xxxxxxxxxxx.xx/httpdocs:/srv/www/vhosts/xxxxxxxxxx.xx/httpdocs/classes"
        </IfModule>
</Directory>

Include from phpinfo : 

.:/usr/share/php5:/usr/share/php5/PEAR:/srv/www/vhosts/xxxxxxxxxx.xx/httpdocs:/srv/www/vhosts/xxxxxxxxxxxxxx.xx/httpdocs/classes

openbasedir from phpinfo : 

/srv/www/vhosts/xxxxxxxxxxx.xx/httpdocs:/tmp:/usr/share/php5/PEAR

php -v :

PHP 5.2.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 20 2008 17:43:51)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with the ionCube PHP Loader v3.1.28, Copyright (c) 2002-2007, by ionCube Ltd.


uname -a 

Linux XXXXX 2.6.22.17-0.1-default #1 SMP 2008/02/10 20:01:04 UTC x86_64 x86_64 x86_64 GNU/Linux

(Opensuse)
 [2008-10-20 21:00 UTC] ca dot ddy at gmx dot de
Please delete my post :-(
 [2010-05-27 16:21 UTC] besisland at besisland dot name
Bug #44901 seems to be duplicate of this one. The bug still exists in PHP 5.2.6.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 09:01:26 2024 UTC