Bug #74738 Multiple [PATH=] and [HOST=] sections not properly parsed
Submitted: 2017-06-10 13:41 UTC
Modified: 2017-06-12 09:29 UTC
From: geert at vanwittlaer dot de
Assigned: laruence
Status: Closed
Package: *General Issues
PHP Version: 7.0.20
OS: Ubuntu 14.04
Private report: No
CVE-ID:
 [2017-06-10 13:41 UTC] geert at vanwittlaer dot de
Description:
------------
With multiple [PATH=] or [HOST=] sections within a .ini file, it looks like just the content of the final section is applied for all sections.

Using the latest stable distribution of PHP 7.0.20 for Ubuntu 14.04

PHP 7.0.20-1~ubuntu14.04.1+deb.sury.org+1 (cli) (built: Jun  9 2017 08:27:48) ( NTS )

with apache2, php-fpm and FastCGI (latest stables)

Test script:
---------------
This can be reproduced e.g. by 

[PATH=/var/www/html/site1]
open_basedir = /.../site1

[PATH=/var/www/html/site2]
open_basedir = /.../site2

Attempting to run a script of site1 in the web browser results in an open_basedir not allowed error, because open_basedir is set to /.../site2.


 [2017-06-10 20:06 UTC] manuel-php at mausz dot at
That's because in 7.0.20/7.1.6 they get completely ignored. See https://github.com/php/php-src/pull/2570 for a possible fix.
 [2017-06-11 09:17 UTC] geert at vanwittlaer dot de
Thanks - that's it, obviously. Can't test it myself as I do not want to rebuild PHP on my machine.
 [2017-06-12 09:29 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
 [2017-06-12 09:29 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
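
A per-site deployment check for the failure discussed in this report, added here as an example (it is not code from the report or from php-src): it compares the open_basedir actually in effect for a request with the value the matching [PATH=] section is supposed to set. The EXPECTED map, its paths and the function names are constructed for illustration.

```php
<?php
// Added example. EXPECTED mirrors hypothetical [PATH=] sections (constructed
// values); replace it with the directories and values from your own php.ini.
const EXPECTED = [
    '/var/www/html/site1' => '/var/www/html/site1:/tmp',
    '/var/www/html/site2' => '/var/www/html/site2:/tmp',
];

// Split an open_basedir value into a sorted, de-duplicated list of paths.
function basedir_list(string $value): array
{
    $parts = array_filter(explode(PATH_SEPARATOR, $value), 'strlen');
    $parts = array_values(array_unique($parts));
    sort($parts);
    return $parts;
}

// Expected value for a script, chosen by longest matching directory prefix.
function expected_for(string $script, array $expected)
{
    $best = null;
    foreach ($expected as $dir => $value) {
        $prefix = rtrim($dir, '/') . '/';
        if (strpos($script, $prefix) === 0
            && ($best === null || strlen($dir) > strlen($best))) {
            $best = $dir;
        }
    }
    return $best === null ? null : $expected[$best];
}

// Classify the effective setting as ok, unset, mismatch or unmapped.
function check_open_basedir(string $script, string $effective, array $expected): string
{
    $want = expected_for($script, $expected);
    if ($want === null) return 'unmapped';   // script is outside every listed site
    if ($effective === '') return 'unset';   // section ignored: no confinement at all
    if (basedir_list($effective) === basedir_list($want)) return 'ok';
    return 'mismatch';                       // some other value is in effect
}

$status = check_open_basedir(__FILE__, (string) ini_get('open_basedir'), EXPECTED);
if ($status !== 'ok') {
    http_response_code(500);                 // let monitoring see the failure
    error_log("open_basedir check: $status for " . __FILE__);
}
echo $status, "\n";
```

Request the script through the web server for each site, since [PATH=] and [HOST=] sections only take effect under CGI/FastCGI. When another site's value is applied, as in the original report, PHP refuses to open the script at all, so treat any failed request as a failed check too.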


 
Last updated: Tue Aug 29 15:01:52 2017 UTC