php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53352 open_basedir does not pass through files with matching path
Submitted: 2010-11-19 09:53 UTC Modified: 2010-11-24 10:17 UTC
From: dmitrij at stepanov dot lv Assigned: pajoye (profile)
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5.3SVN-2010-11-19 (SVN) OS: Windows 7
Private report: No CVE-ID: None
View Developer Edit
 [2010-11-19 09:53 UTC] dmitrij at stepanov dot lv 
Description:
------------
Right after installing PHP 5.3.4RC1 i get the following error:

[19-Nov-2010 08:47:47] PHP Warning:  Unknown: open_basedir restriction in effect. File(C:\Users\Dmitry\Repo\InnoForce\AMD\trunc\01_Code\public_html\index.php) is not within the allowed path(s): (C:/Users/Dmitry/Repo/InnoForce/AMD/trunc/01_Code/;C:/Windows/Temp) in Unknown on line 0

[19-Nov-2010 08:47:47] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

[19-Nov-2010 08:47:47] PHP Fatal error:  Unknown: Failed opening required 'C:/Users/Dmitry/Repo/InnoForce/AMD/trunc/01_Code/public_html/index.php' (include_path='.;C:\php5\pear') in Unknown on line 0

It was working with PHP 5.3.3.

Test script:
---------------
# open_basedir in apache config
php_admin_value open_basedir "C:/Users/Dmitry/Repo/InnoForce/AMD/trunc/01_Code/;C:/Windows/Temp"


Expected result:
----------------
No errors

Actual result:
--------------
[19-Nov-2010 08:47:47] PHP Warning:  Unknown: open_basedir restriction in effect. File(C:\Users\Dmitry\Repo\InnoForce\AMD\trunc\01_Code\public_html\index.php) is not within the allowed path(s): (C:/Users/Dmitry/Repo/InnoForce/AMD/trunc/01_Code/;C:/Windows/Temp) in Unknown on line 0

[19-Nov-2010 08:47:47] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

[19-Nov-2010 08:47:47] PHP Fatal error:  Unknown: Failed opening required 'C:/Users/Dmitry/Repo/InnoForce/AMD/trunc/01_Code/public_html/index.php' (include_path='.;C:\php5\pear') in Unknown on line 0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-19 13:41 UTC] pajoye@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2010-11-23 23:14 UTC] pajoye@php.net 
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=305698
Log: - fixed #53352
 [2010-11-23 23:16 UTC] pajoye@php.net
-Status: Assigned +Status: Feedback
 [2010-11-23 23:16 UTC] pajoye@php.net 
Fixed in trunk and 5.3

please try using a snapshot.You can fetch a snapshot of trunk or 5.3 here:

http://rmtools.php.net/snaps/

Fetch a snap equal or superior to r305698 (should show up shortly).
 [2010-11-24 07:24 UTC] dmitrij at stepanov dot lv 
Still see no snap at http://rmtools.php.net/snaps/ that is superior to r305698. Once it's there, I will reply with the results.
 [2010-11-24 09:59 UTC] pajoye@php.net 
Superior or equal to r305698, the r305698 is there :)
 [2010-11-24 10:09 UTC] dmitrij at stepanov dot lv 
Sorry, my bad. Missed the "equal or" opcode :)

r305698 works fine, issue is gone. Thanks.
 [2010-11-24 10:17 UTC] pajoye@php.net
-Status: Feedback +Status: Closed
 [2010-11-24 10:17 UTC] pajoye@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2010-12-09 18:04 UTC] pajoye@php.net 
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=306136
Log: - missing merge fix for #53352
 [2010-12-20 18:18 UTC] lekensteyn at gmail dot com 
Please see bug #53577 (marked as dupe), the patch provided was incomplete.

Direct link to the patch:
http://bugs.php.net/patch-display.php?bug_id=53577&patch=open_basedir-trailing-slash-fix-PHP_5_3&revision=latest
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC