php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52065 Warning about open_basedir restriction while accessing a file as directory
Submitted: 2010-06-12 14:58 UTC Modified: 2015-06-04 00:00 UTC
Votes:29
Avg. Score:4.2 ± 1.0
Reproduced:26 of 26 (100.0%)
Same Version:11 (42.3%)
Same OS:14 (53.8%)
From: manuel at mausz dot at Assigned:
Status: Verified Package: Safe Mode/open_basedir
PHP Version: 5.6.8 OS: Unix
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: manuel at mausz dot at
New email:
PHP Version: OS:

 

 [2010-06-12 14:58 UTC] manuel at mausz dot at
Description:
------------
fopen_wrappers raise warning about open_basedir restriction in effect while accessing a file as a directory. This only occurs if the file exists.


Test script:
---------------
# sapi/cli/php -n -d open_basedir="$(pwd)" -r 'var_dump(is_readable("myfile/doesntexist"));'
# touch myfile
# sapi/cli/php -n -d open_basedir="$(pwd)" -r 'var_dump(is_readable("myfile/doesntexist"));'


Expected result:
----------------
bool(false)

bool(false)

Actual result:
--------------
bool(false)

Warning: is_readable(): open_basedir restriction in effect. File(myfile/doesntexist) is not within the allowed path(s): (/home/manuel/php5.3-201006120030) in Command line code on line 1
bool(false)


Patches

open-basedir-without-realpath (last revision 2015-04-29 20:11 UTC by cmb@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-08-11 12:20 UTC] manuel at mausz dot at
Can someone please finally take a look at this?
 [2012-04-28 07:18 UTC] nick at aussiecom dot com
Why hasn't this bug been resolved? It's nearly 2 years old...
 [2012-08-08 07:20 UTC] mein at e3b dot org
This bug is also present in php 5.4...
 [2015-04-29 20:11 UTC] cmb@php.net
The following patch has been added/updated:

Patch Name: open-basedir-without-realpath
Revision:   1430338315
URL:        https://bugs.php.net/patch-display.php?bug=52065&patch=open-basedir-without-realpath&revision=1430338315
 [2015-04-29 20:14 UTC] cmb@php.net
-Status: Open +Status: Verified -PHP Version: 5.3SVN-2010-06-12 (SVN) +PHP Version: 5.6.8
 [2015-04-29 20:14 UTC] cmb@php.net
The patch open-basedir-without-realpath would fix this issue, but
it might have security implications or other undesired side
effects.
 [2015-06-03 08:26 UTC] pajoye@php.net
Any news on this one? Edge case but still :)
 [2015-06-04 00:00 UTC] cmb@php.net
Considering the amount of closely related bug reports[1], I
wouldn't necessarily call that an edge case, Pierre. :)

I'll make a PR based on my patch with some tests, if no one beats
me to it.

[1] I've assembled a maybe non-exhaustive list in
<http://news.php.net/php.internals/86301>.
 [2015-09-22 10:20 UTC] jan dot prachar at gmail dot com
Broken since 5.3.0, see https://3v4l.org/paO83
 [2018-02-28 22:26 UTC] a19836 at gmail dot com
Why isn't this bug fixed yet?
It was detected in 2013 or even before. And already passed 5 years... 

I trying the following example with PHP 7 and I'm getting exactly the same error.

<?
ini_set("open_basedir", __DIR__);
file_put_contents(__DIR__ . "/foo.txt", "bar");
echo "EXISTS:".file_exists(__DIR__ . "/foo.txt/");
?>

Error: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/www/html/test/foo.txt/) is not within the allowed path(s): (/var/www/html/test) in /var/www/html/test/test.php on line 4

Can you please fix this and let me know please?
Thanks
 [2018-10-02 05:08 UTC] sriccio at swisscenter dot com
We're seeing this in all the PHP versions we use (5.6, 7.0, 7.1, 7.2).

Literally spent hours trying to understand why we have these warning even that the paths are allowed in the open_basedir directive.

Finally it was because the parent dir of a path was in fact a file and not a dir.

The warning message is really misleading...

It would really be nice to fix this
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Fri Dec 14 13:01:25 2018 UTC