|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #48111 unlink() does not delete symlinks without a target if open_basedir is used
Submitted: 2009-04-29 17:42 UTC Modified: 2011-04-08 18:21 UTC
Avg. Score:3.4 ± 1.5
Reproduced:5 of 6 (83.3%)
Same Version:3 (60.0%)
Same OS:3 (60.0%)
From: simon at stienen dot name Assigned:
Status: Open Package: Safe Mode/open_basedir
PHP Version: 5.2.9 OS: FreeBSD 7.1-RELEASE/amd64
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-04-29 17:42 UTC] simon at stienen dot name
unlink()ing a symlink with its target missing fails with an open_basedir error.

This might be related to (actual deletion changed, but sanitization still uses target?) and/or (missing target (empty string?) is considered to be outside of open_basedir?)

Reproduce code:

echo "creating link\n";
symlink('nonexisting_target', 'link');

echo "unlinking link\n";

echo "creating target\n";
file_put_contents('nonexisting_target', 'foo');

echo "unlinking link (again)\n";

echo "unlinking target\n";

Expected result:
Run with php -d open_basedir=

creating link
unlinking link
creating target
unlinking link (again)

Warning: unlink(link): No such file or directory in /tmp/- on line 13
unlinking target

Actual result:
Run with php -d open_basedir=/

creating link
unlinking link

Warning: unlink(): open_basedir restriction in effect. File(link) is not within the allowed path(s): (/) in /tmp/- on line 7
creating target
unlinking link (again)
unlinking target


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-29 20:39 UTC] simon at stienen dot name
Ok, a possible solution would be to apply the open_basedir check to the parent directory instead of the file or the symlink itself.

I have implemented and slightly tested this, but please consider that my C knowledge is somewhat limited and I have almost no insight into PHPs internals, so please treat these diffs with the necessary care:
 [2010-02-14 20:27 UTC] antoine dot contal+bugs dot php dot net at gmail dot com
Same issue with PHP 5.2.11.
 [2011-04-08 18:21 UTC]
-Package: Feature/Change Request +Package: Safe Mode/open_basedir
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Oct 19 12:01:27 2019 UTC