PHP :: Bug #39386 :: ftp_rawlist() complains about open

Bug #39386	ftp_rawlist() complains about open_basedir restriction
Submitted:	2006-11-04 21:05 UTC	Modified:	2006-11-05 23:04 UTC
From:	webmaster at eeb-world dot de	Assigned:
Status:	Not a bug	Package:	FTP related
PHP Version:	5.2.0	OS:	Linux Debian
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2006-11-04 21:05 UTC] webmaster at eeb-world dot de

Description:
------------
ftp_rawlist() complains about open_basedir restriction effect and a failed creation of a temporary file.

I backtraced this function in the PHP-source:

ftp_rawlist() =>

INTERNAL BACKTRACE:

ftp_list()                   (in php_ftp.c        on line 732)
ftp_genlist()                (in ftp.c            on line 651)
php_stream_fopen_tmpfile()   (in ftp.c            on line 1600)
php_open_temporary_fd()      (in plain_wrapper.c  on line 152) with first param = NULL

And this function (php_open_temporary_fd()) has a new open_basedir check since 5.2.0.

( http://www.eeb-welt.de/php-error.gif )

I dont want to place /tmp in the open_basedir - param too or add an alternative TMPDIR to the env-vars.

Reproduce code:
---------------
        function file_list($dir, $mode) {
            $result = ftp_rawlist($this->stream, $dir);
            $data = array();
            if (is_array($result)) {
                foreach ($result as $key => $elem) {
                    preg_match("#^(d|-)([rwx\-]{9}) +([\d]+) ([\w\d\-]+) +([\w\d\-]+) +([\d]+) ([\w]{3}) +([\d]{1,2}) ([\d :]{5}) (.{3,})#i", $elem, $result_detailed);
                    if (isset($result_detailed[1])) {
                        $today = getdate();
                        $time = strtotime("$result_detailed[8] $result_detailed[7] $today[year] $result_detailed[9]");
                        if ($result_detailed[1] == "d" && $mode == 0) {
                            $data[] = array($result_detailed[10], $result_detailed[6], $time, 0);
                        } elseif ($result_detailed[1] == "-" && $mode == 1 && 
                                  !substr_count($result_detailed[10], ".ht") && 
                                  !substr_count($result_detailed[10], ".php")) {
                            $data[] = array($result_detailed[10], $result_detailed[6], $time, 1);
                        } elseif ($mode == 2) {
                            $type = ($result_detailed[1] == "-") ? 1 : 0;
                            $data[] = array($result_detailed[10], $result_detailed[6], $time, $type);
                        }
                    }
                }
                return $data;
            }
        }


Expected result:
----------------
Usually a 2-dimensional array and no basedir-errors

Actual result:
--------------
Warning: ftp_rawlist() [function.ftp-rawlist]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/web1/html/:/var/www/web1/phptmp/:/var/www/web1/files/) in /var/www/web1/html/admin/classes/class_ftp.php on line 51

Warning: ftp_rawlist() [function.ftp-rawlist]: Unable to create temporary file. Check permissions in temporary files directory. in /var/www/web1/html/admin/classes/class_ftp.php on line 51

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-05 16:28 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Seems perfectly logical to me, the code tries to create a 
temporary file on the system and fails to do so since /tmp is 
outside of open_basedir.

[2006-11-05 17:59 UTC] webmaster at eeb-world dot de

And why tries this function to create a temporary file in "/tmp" ? This path may be outside of open_basedir in 90% of all cases, instead of the most simple place > CWD < or something else, that is configurable.

I can't set my open_basedir to another value due security reasons and i can't change the TMPDIR - environment variable only for PHP.

[2006-11-05 18:06 UTC] iliaa@php.net

You can do setenv() inside the script that will only last for 
the duration of the request.

[2006-11-05 22:12 UTC] webmaster at eeb-world dot de

Sure ?
---------
<?php
    setenv("BAR", "foo");
    phpinfo();
?>
---------

=>

Fatal error: Call to undefined function setenv() in G:\localhost\phpinfo.php on line 2

[2006-11-05 23:04 UTC] rasmus@php.net

The function is called putenv()

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 14:01:30 2024 UTC