php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58578 open_basedir return error
Submitted: 2009-03-09 05:09 UTC Modified: 2009-03-09 06:37 UTC
From: r at pro-9 dot com Assigned: pajoye (profile)
Status: Not a bug Package: htscanner (PECL)
PHP Version: 5.2.5 OS: gentoo linux
Private report: No CVE-ID: None
 [2009-03-09 05:09 UTC] r at pro-9 dot com
Description:
------------
php_value open_basedir return error:
php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: /www:/tmp
(12, 10) failed! 
in Unknown on line 0
but other parameters, e.g php_value session.save_path is fine.
 


Reproduce code:
---------------
htscanner.ini file:
extension="htscanner.so"
config_file=".htaccess"
default_docroot="/"
default_ttl=300
stop_on_error = 0

safe_mode in php.ini is Off
open_basedir in php.ini is undefined (phpinfo say: no value)

.htaccess file:
php_value session.save_path /var/tmp
php_value open_basedir /www:/tmp

Expected result:
----------------
session.save_path /var/tmp
open_basedir /www:/tmp


Actual result:
--------------
session.save_path /var/tmp
open_basedir no value

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-09 05:54 UTC] pierre dot php at gmail dot com
Can you try using:

php_value open_basedir "/www:/tmp"
 [2009-03-09 06:23 UTC] r at pro-9 dot com
I try with quotes, result is similar. Error message there:
Mar  9 13:08:20 vh7 php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: "/www:/tmp"
Mar  9 13:08:20 vh7 ) (12, 12) failed!
Mar  9 13:08:20 vh7 in Unknown on line 0

The second digit is different in error message: 12, without quotes it is 10
 [2009-03-09 06:37 UTC] pierre dot php at gmail dot com
Thank you for taking the time to write to us, but this is not
a bug.

Well, it is Monday morning :)

open_basedir cannot (and should not) be overwritten using a per directory configuration option (from the www root). If not, it will defeat its whole purpose. Imagine someone simply changing it to \ and then do fopen("/etc/passwd");

Future versions of htscanner will allow the admins to set options per directory at the system level, which will be set during PHP's init phases. Something like what we have in 5.3:
[PATH=/www/site1]
open_basedir=/www/site1

Sorry to do not have replied that in the first place.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 11:01:27 2024 UTC