php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44901 open_basedir as prefix complains on attempts to access non-existant files
Submitted: 2008-05-03 00:41 UTC Modified: 2015-06-04 14:50 UTC
Votes:9
Avg. Score:4.2 ± 1.0
Reproduced:9 of 9 (100.0%)
Same Version:8 (88.9%)
Same OS:8 (88.9%)
From: jake at yahoo-inc dot com Assigned: cmb (profile)
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5.*, 6CVS (2009-03-16) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jake at yahoo-inc dot com
New email:
PHP Version: OS:

 

 [2008-05-03 00:41 UTC] jake at yahoo-inc dot com
Description:
------------
When using open_basedir as a prefix, attempting to access files or directories which match the prefix but are not present on the filesystem raise open_basedir restriction warnings.



Reproduce code:
---------------
// create files or directories on the file system "/foo1", "/foo2"
// add "/foo" (not "/foo/") to the open basedir restriction, then:

var_dump(file_exists('/foo1'));
var_dump(file_exists('/foo2'));
var_dump(file_exists('/foo3'));



Expected result:
----------------
this is the output returned:
bool(true)
bool(true)
bool(false)

which is expected, however, the "false" returned by the third call is disingenuous... it is false because the call is being blocked by open_basedir, and the following warning is triggered:

[Fri May  2 17:33:05 2008] [error] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/foo3) is not within the allowed path(s)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-25 18:07 UTC] softwareelves at gmail dot com
This bug doesn't seem to exist in 5.2.x.

I found it's not just a trailing slash but anything after an existing file path.

I found an easy way to show this bug:

error_reporting( E_ALL | E_STRICT );

var_dump( file_exists( __FILE__ ) );
var_dump( file_exists( __FILE__."/something_that_doesnt_exists" ) );

ini_set( "open_basedir", dirname( __FILE__ ) );

var_dump( file_exists( __FILE__ ) );
var_dump( file_exists( __FILE__."/something_that_doesnt_exists" ) );
 [2013-12-24 23:40 UTC] aaron dot hamid at gmail dot com
Seems related to https://bugs.php.net/bug.php?id=41518 (which is closed) as well
 [2013-12-24 23:50 UTC] aaron dot hamid at gmail dot com
Cannot reproduce on PHP-5.6 branch.
 [2015-06-04 14:50 UTC] cmb@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-06-04 14:50 UTC] cmb@php.net
This ticket is obsolete, because the open_basedir restriction
can't be used as prefix as of PHP 5.2.16 and 5.3.4[1].

[1] <http://php.net/manual/en/ini.core.php#ini.open-basedir>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC