PHP :: Request #41620 :: Can't pass VirtualDocumentRoot Vars

Request #41620	Can't pass VirtualDocumentRoot Vars
Submitted:	2007-06-07 07:38 UTC	Modified:	2007-06-07 08:23 UTC
From:	ruud at rb-sound dot nl	Assigned:
Status:	Not a bug	Package:	Feature/Change Request
PHP Version:	5.2.3	OS:	FreeBSD
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2007-06-07 07:38 UTC] ruud at rb-sound dot nl

Description:
------------
php_admin_value open_basedir /usr/local/apache/vhosts/%0/www/

The %0 only works on VirtualDocumentRoot. php doens't read the %0 value.

Reproduce code:
---------------
In this example i try to chroot php. So user's can only access there home dir.

<VirtualHost *> 
Use CanonicalName off  # use the name from the Host: header instead of the DNS name
VirtualDocumentRoot /usr/local/apache/vhosts/%0/www/public_html/
php_admin_value open_basedir /usr/local/apache/vhosts/%0/www/
<VirtualHost>

The %0 only works on VirtualDocumentRoot. php doens't read the %0 value.

Expected result:
----------------
php_admin_value open_basedir /usr/local/apache/vhosts/www.domain.tld/www/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-06-07 07:40 UTC] ruud at rb-sound dot nl

Apache reports bug as a php bug
http://issues.apache.org/bugzilla/show_bug.cgi?id=42606

[2007-06-07 07:50 UTC] tony2001@php.net

>The %0 only works on VirtualDocumentRoot. 
>php doens't read the %0 value.

What %0 is supposed to mean?

[2007-06-07 08:03 UTC] ruud at rb-sound dot nl

%0 is the full name of the virtual host.
For masshosting you can use this type of variables to create a dynamic configuration.

If you use a config like this :
VirtualDocumentRoot /usr/www_data/%0/www/public_html/

And you vist www.example.tld
Apache will start serving from /usr/www_data/www.example.tld/www/public_html/

If you visit www.test.tld
Apache will start serving from /usr/www_data/www.test.tld/www/public_html/

For security reasons you want to chroot php to one level up.
For example 1 you want the following setting
php_admin_value open_basedir /usr/www_data/www.example.tld/www/
With this setting php can't reach the files of www.test.tld if your visiting www.example.tld. But can reach files one level up.

Php doesn't process the vars of apache.

For a full description of other var command please check.
http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html\

If this function works you can secure every domain and still run php as the www user for every domain.

[2007-06-07 08:23 UTC] tony2001@php.net

The %0 thing is supported by mod_vhost_alias.
We do not plan to re-implement it in PHP, but we would gladly review a patch.

[2016-12-11 21:22 UTC] dustyscholtz at gmx dot net

10 years later and still no solution?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 10 13:01:31 2024 UTC