|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58578 open_basedir return error
Submitted: 2009-03-09 05:09 UTC Modified: 2009-03-09 06:37 UTC
From: r at pro-9 dot com Assigned: pajoye (profile)
Status: Not a bug Package: htscanner (PECL)
PHP Version: 5.2.5 OS: gentoo linux
Private report: No CVE-ID: None
 [2009-03-09 05:09 UTC] r at pro-9 dot com
php_value open_basedir return error:
php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: /www:/tmp
(12, 10) failed! 
in Unknown on line 0
but other parameters, e.g php_value session.save_path is fine.

Reproduce code:
htscanner.ini file:
stop_on_error = 0

safe_mode in php.ini is Off
open_basedir in php.ini is undefined (phpinfo say: no value)

.htaccess file:
php_value session.save_path /var/tmp
php_value open_basedir /www:/tmp

Expected result:
session.save_path /var/tmp
open_basedir /www:/tmp

Actual result:
session.save_path /var/tmp
open_basedir no value


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-09 05:54 UTC] pierre dot php at gmail dot com
Can you try using:

php_value open_basedir "/www:/tmp"
 [2009-03-09 06:23 UTC] r at pro-9 dot com
I try with quotes, result is similar. Error message there:
Mar  9 13:08:20 vh7 php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: "/www:/tmp"
Mar  9 13:08:20 vh7 ) (12, 12) failed!
Mar  9 13:08:20 vh7 in Unknown on line 0

The second digit is different in error message: 12, without quotes it is 10
 [2009-03-09 06:37 UTC] pierre dot php at gmail dot com
Thank you for taking the time to write to us, but this is not
a bug.

Well, it is Monday morning :)

open_basedir cannot (and should not) be overwritten using a per directory configuration option (from the www root). If not, it will defeat its whole purpose. Imagine someone simply changing it to \ and then do fopen("/etc/passwd");

Future versions of htscanner will allow the admins to set options per directory at the system level, which will be set during PHP's init phases. Something like what we have in 5.3:

Sorry to do not have replied that in the first place.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat May 21 05:03:37 2022 UTC