php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #55651 Option to force PHP to ignore the PASV address returned
Submitted: 2011-09-09 08:09 UTC Modified: 2015-12-15 12:01 UTC
Votes:182
Avg. Score:4.7 ± 0.6
Reproduced:166 of 166 (100.0%)
Same Version:67 (40.4%)
Same OS:115 (69.3%)
From: abrender at elitehosts dot com Assigned: kaplan
Status: Closed Package: FTP related
PHP Version: 5.3.8 OS: All
Private report: No CVE-ID:
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
32 - 28 = ?
Subscribe to this entry?

 
 [2011-09-09 08:09 UTC] abrender at elitehosts dot com
Description:
------------
In response to the PASV command, FTP servers sometimes return their IP address 
(10.X for example) and PHP honors this IP address, stores it in ftp->pasvaddr 
and uses that for future connections.

This is problematic because PHP won't be able to communicate with a server 
behind a NAT device using passive FTP.

The attached patch adds the USEPASVADDRESS option (a boolean) which can be set 
and read via the ftp_set_option() and ftp_get_option() functions. USEPASVADDRESS 
is set to TRUE by default to preserve existing functionality. When 
USEPASVADDRESS is set to FALSE, the ftp extension will ignore the IP address 
returned by the PASV command and instead use the IP address passed to 
ftp_connect() (or ftp_ssl_connect())

In the future we may expand the values to include AUTO which would ignore any 
RFC 1918 IP addresses returned by the PASV command.

The only thing to note is that the call to ftp_set_option() must be made before 
ftp_pasv() is called.


Patches

ftp_usepasvaddress_php70.patch.patch (last revision 2016-01-23 04:52 UTC) by edistro01 at gmail dot com)
ftp_usepasvaddress_php70.patch (last revision 2015-12-10 12:00 UTC) by kaplan@php.net)
ftp_usepasvaddress.patch (last revision 2011-09-09 08:10 UTC) by abrender at elitehosts dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-10 15:57 UTC] abrender at elitehosts dot com
PS - this patch works against PHP 5.2.17 as well as 5.3.8
 [2013-08-24 23:24 UTC] abrender at elitehosts dot com
Hi,

Any chance of this patch getting reviewed and accepted? (A more detailed 
explanation is at http://www.elitehosts.com/blog/php-ftp-passive-ftp-server-
behind-nat-
nightmare/)

There were 78 votes, 72 people reproduced the problem and other people are 
seeing the same problem:

http://blog.derakkilgo.com/2013/08/24/php-has-a-ftps-bug-please-vote-this-bug-
up-so-someone-will-approve-this-patch/

https://bugs.php.net/bug.php?id=64600

http://www.codingforums.com/archive/index.php/t-285742.html

http://www.techques.com/question/1-2851547/How-to-Send-File-over-secure-FTP-SSL-
Protocol

http://www.webdeveloper.com/forum/showthread.php?236275-ftp_connect-blocked

Thanks!
 [2015-09-03 13:41 UTC] oskar dot danielsson at hotmail dot com
It has been almost exactly four years since this bug report was created, but the bug persists in version 5.6.10. It has 165 votes with a 100% rate of reproduction. Why isn't this being reviewed?
 [2015-12-04 10:43 UTC] lucas dot bedout at free dot fr
Is the patch for 5.3.8 working on > 5.6 ?
 [2015-12-10 09:48 UTC] kaplan@php.net
The patch can be applied up until 5.6.10, after that is it requires a small typo change in ext/ftp/ftp.h to work ("configureable" -> "configurable"). It needs adaptation for the 7.0 branch.
 [2015-12-10 12:00 UTC] kaplan@php.net
The following patch has been added/updated:

Patch Name: ftp_usepasvaddress_php70.patch
Revision:   1449748839
URL:        https://bugs.php.net/patch-display.php?bug=55651&patch=ftp_usepasvaddress_php70.patch&revision=1449748839
 [2015-12-15 12:01 UTC] kaplan@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: kaplan
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri May 26 05:01:48 2017 UTC