php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64634 copy() not working with stream wrappers when open_basedir is set
Submitted: 2013-04-11 19:14 UTC Modified: 2014-01-05 20:20 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ovidiu at softped dot com Assigned: ab (profile)
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5.4.14 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ovidiu at softped dot com
New email:
PHP Version: OS:

 

 [2013-04-11 19:14 UTC] ovidiu at softped dot com 
Description:
------------
When open_basedir is set to something other than "no value" the copy function 
fails when trying to read from php://input with the following message:

Warning: copy(): open_basedir restriction in effect. File(php://input) is not 
within the allowed path(s): (d:\server)

However, when trying file_get_contents('php://input') it successfully reads the 
data.

Test script:
---------------
<?php
copy('php://input','destination.txt');
?>

Expected result:
----------------
Expected a new file to be created "destination.txt" with the contents of 
php://input

Actual result:
--------------
Warning: copy(): open_basedir restriction in effect. File(php://input) is not 
within the allowed path(s): (d:\server)

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-04-19 08:31 UTC] ab@php.net
-Status: Open +Status: Analyzed
 [2013-04-19 08:31 UTC] ab@php.net 
Looks like the explicit basedir check can be removed in copy() as in the subsequential stack it calls _php_stream_open_wrapper_ex which would care about it anyway. Though I'm not sure what BC and security breaches it would introduce. 

@ovidiu what prevents you to use something like stream_copy_to_stream() or alike?
 [2013-04-20 18:56 UTC] ovidiu at softped dot net 
I was actually using fread / fwrite because I didn't know about 
stream_copy_to_stream() but I will it instead. Thank you.
 [2014-01-05 20:20 UTC] ab@php.net
-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: ab
 [2014-01-05 20:20 UTC] ab@php.net 
Ok then, better not to touch the running system :)
 [2020-05-12 13:16 UTC] alvin79 dot torre at gmail dot com 
The following pull request has been associated:

Patch Name: WIP: Prepare 2.x branch
On GitHub:  https://github.com/php/pecl-php-uploadprogress/pull/5
Patch:      https://github.com/php/pecl-php-uploadprogress/pull/5.patch
 [2020-05-12 13:21 UTC] alvin79 dot torre at gmail dot com 
The following pull request has been associated:

Patch Name: Add php7 compatibility
On GitHub:  https://github.com/php/pecl-event-libevent/pull/2
Patch:      https://github.com/php/pecl-event-libevent/pull/2.patch
 [2020-05-12 13:28 UTC] alvin79 dot torre at gmail dot com 
The following pull request has been associated:

Patch Name: Bump version
On GitHub:  https://github.com/php/pecl-networking-gearman/pull/1
Patch:      https://github.com/php/pecl-networking-gearman/pull/1.patch
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 08:02:42 2024 UTC