PHP :: Bug #45262 :: file_exists throws warnings in basedir

Bug #45262	file_exists throws warnings in basedir_restriction mode
Submitted:	2008-06-13 14:13 UTC	Modified:	2008-06-13 16:39 UTC
From:	php at ralph-schuster dot eu	Assigned:
Status:	Not a bug	Package:	Safe Mode/open_basedir
PHP Version:	5.2.6	OS:	Linux 2.6.13/SuSE
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	php at ralph-schuster dot eu
New email:
PHP Version:		OS:

New/Additional Comment:

[2008-06-13 14:13 UTC] php at ralph-schuster dot eu

Description:
------------
function file_exists() throws warning message again when in safe mode. There was a bug #21531 that addressed similar problem with 4.x version.

Configuration used:

allow_call_time_pass_reference	On	On
allow_url_fopen	On	On
allow_url_include	Off	Off
always_populate_raw_post_data	Off	Off
arg_separator.input	&	&
arg_separator.output	&	&
asp_tags	Off	Off
auto_append_file	no value	no value
auto_globals_jit	On	On
auto_prepend_file	no value	no value
browscap	no value	no value
default_charset	no value	no value
default_mimetype	text/html	text/html
define_syslog_variables	Off	Off
disable_classes	no value	no value
disable_functions	no value	no value
display_errors	Off	Off
display_startup_errors	Off	Off
doc_root	no value	no value
docref_ext	no value	no value
docref_root	no value	no value
enable_dl	On	On
error_append_string	no value	no value
error_log	/var/log/php.log	/var/log/php.log
error_prepend_string	no value	no value
error_reporting	6135	6135
expose_php	On	On
extension_dir	/usr/local/php/CURRENT/extensions	/usr/local/php/CURRENT/extensions
file_uploads	On	On
highlight.bg	#FFFFFF	#FFFFFF
highlight.comment	#FF8000	#FF8000
highlight.default	#0000BB	#0000BB
highlight.html	#000000	#000000
highlight.keyword	#007700	#007700
highlight.string	#DD0000	#DD0000
html_errors	On	On
ignore_repeated_errors	Off	Off
ignore_repeated_source	Off	Off
ignore_user_abort	Off	Off
implicit_flush	Off	Off
include_path	.:/usr/local/php/CURRENT/lib/php	.:/usr/local/php/CURRENT/lib/php
log_errors	On	On
log_errors_max_len	1024	1024
magic_quotes_gpc	Off	On
magic_quotes_runtime	Off	Off
magic_quotes_sybase	Off	Off
mail.force_extra_parameters	no value	no value
max_execution_time	60	30
max_input_nesting_level	64	64
max_input_time	60	60
memory_limit	32M	128M
open_basedir	/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs:/tmp	no value
output_buffering	no value	no value
output_handler	no value	no value
post_max_size	8M	8M
precision	12	12
realpath_cache_size	16K	16K
realpath_cache_ttl	120	120
register_argc_argv	On	On
register_globals	Off	Off
register_long_arrays	On	On
report_memleaks	On	On
report_zend_debug	On	On
safe_mode	Off	Off
safe_mode_exec_dir	/srv/www/vhosts/safebin/	/srv/www/vhosts/safebin/
safe_mode_gid	Off	Off
safe_mode_include_dir	no value	no value
sendmail_from	no value	no value
sendmail_path	/usr/sbin/sendmail -t -i	/usr/sbin/sendmail -t -i
serialize_precision	100	100
short_open_tag	On	On
SMTP	localhost	localhost
smtp_port	25	25
sql.safe_mode	Off	Off
track_errors	Off	Off
unserialize_callback_func	no value	no value
upload_max_filesize	16M	2M
upload_tmp_dir	no value	no value
user_dir	no value	no value
variables_order	EGPCS	EGPCS
xmlrpc_error_number	0	0
xmlrpc_errors	Off	Off
y2k_compliance	On	On
zend.ze1_compatibility_mode	Off	Off

Reproduce code:
---------------
if (!file_exists($path)) {
...
}

// $path seems to combine URLs and local paths illegally
// but its third party code

Expected result:
----------------
no PHP warning message

Actual result:
--------------
[11-Jun-2008 10:45:44] PHP Warning:  file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocshttp://office.euroversichert.de/phpgwapi/templates/idots/css/idots.css?1180943265) is not within the allowed path(s): (/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs:/tmp) in /srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs/phpgwapi/inc/class.egw_framework.inc.php on line 563

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-06-13 14:26 UTC] php at ralph-schuster dot eu

it is "in basedir_restriction" mode, not safe_mode. Sorry for confusion

[2008-06-13 16:39 UTC] felipe@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 14:01:29 2024 UTC