|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70362 copy() not work with 'data://' and open_basedir if bigger than MAXPATHLEN
Submitted: 2015-08-26 16:04 UTC Modified: -
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: prochazkapp at gmail dot com Assigned:
Status: Open Package: Filesystem function related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: prochazkapp at gmail dot com
New email:
PHP Version: OS:


 [2015-08-26 16:04 UTC] prochazkapp at gmail dot com
If open_basedir is enabled, 'data://' wrapper does not work correctly with copy() for data bigger than MAXPATHLEN.

I found this bug in php 5.5.21 but it affects all versions (even 7).

Here is why:
copy() calls php_check_open_basedir
And this checks source len end trigger error.
But source len is not relevant for e.g. 'data://' wrapper (and possible some other wrappers).

This seems fixed in some other file functions:

If data:// wrapper is not intended to work with copy, it should be mentioned in docs, but function works otherwise perfectly with disabled open_basedir or for smaller data.

This may be related to but I believe it's not duplicate.

Test script:
ini_set('open_basedir', '/');
$temp = tempnam(__DIR__, 'test');
$data = str_repeat('0', PHP_MAXPATHLEN * 2);
$data = 'data://plain/text;base64,' . base64_encode($data);
var_dump(copy($data, $temp));

Expected result:

Actual result:
Warning: copy(): File name is longer than the maximum allowed path length on this platform (4096): data:plain/text;base64,... in ... on line 6


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Feb 21 06:01:29 2020 UTC