php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54726 partial open_basedir path no longer works
Submitted: 2011-05-13 09:41 UTC Modified: 2011-05-21 03:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: superaap at gmail dot com Assigned:
Status: Duplicate Package: Safe Mode/open_basedir
PHP Version: 5.3.6 OS: CentOS release 5.4 (Final)
Private report: No CVE-ID: None
 [2011-05-13 09:41 UTC] superaap at gmail dot com
Description:
------------
Our VirtualHost points to a symlink which links to the document_root of the 
current application version.

Example directory list;
l /var/www/html/application -> /var/www/html/application-v1.2.3
d /var/www/html/application-v1.2.2
d /var/www/html/application-v1.2.3

Before v5.3 (5.2.4 I think) using the entire symlink path as open_basedir value 
would sitll trigger 
open_basedir error's. We worked around this problem by using the partial suffix 
'/var/www/html/app'.
This behaviour was fixed when we upgraded to v5.3.2 were the entire symlink path 
would work as well, but we 
did not bother to update all our vhost's as both methods now worked.

But now we have upgraded to v5.3.6 the partial paths no longer work.
Warning: require_once() [function.require-once]: open_basedir restriction in 
effect. 
File(/var/www/html/application-v1.2.3/bootstrap.php) is not within the allowed 
path(s): (.:/var/www/html/app)

This behaviour seems to be broken since r305698 where the open_basedir is always 
appended with a directory 
separator;
--- php/php-src/trunk/main/fopen_wrappers.c	2010/11/23 21:49:18	305697
+++ php/php-src/trunk/main/fopen_wrappers.c	2010/11/23 22:14:54	305698
@@ -233,6 +233,9 @@
 				resolved_basedir[resolved_basedir_len] = 
PHP_DIR_SEPARATOR;
 				resolved_basedir[++resolved_basedir_len] = '\0';
 			}
+		} else {
+				resolved_basedir[resolved_basedir_len++] = 
PHP_DIR_SEPARATOR;
+				resolved_basedir[resolved_basedir_len] = '\0';
 		}
 
 		resolved_name_len = strlen(resolved_name);


I don't think this change was intended because it is not listed in the 
changelog, and breaks backward 
compatibility in a minor release.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-21 02:19 UTC] felipe@php.net
See bug #53577
 [2011-05-21 03:24 UTC] pajoye@php.net
-Status: Open +Status: Duplicate
 [2011-05-21 10:27 UTC] superaap at gmail dot com
Seems related to bug #53352 too, which was fixed in r305698

I'll try to build the latest snap and verify whether my problem was fixed as well. 
The patch looks promising.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 14:01:23 2020 UTC