|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2021-07-12 15:38 UTC] cmb@php.net
-Type: Security
+Type: Bug
[2021-07-12 15:38 UTC] cmb@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 12:01:28 2024 UTC |
Description: ------------ initial script directory: /var/www/html open_basedir setting: /var/www/html initial session save path: default after executing test script, session is saved in the /other-customer-session-dir location Test script: --------------- <?php echo session_save_path()."<br>"; mkdir("a"); mkdir("a/b"); mkdir("a/b/c"); chdir("a/b/c"); session_save_path("../../../other-customer-session-dir"); chdir("../../.."); echo session_save_path()."<br>"; session_start(); $_SESSION['admin']=1; Expected result: ---------------- session is not saved in /other-customer-session-dir because this is outside open_basedir and inital location (when removed chdir from this code session_save_path("../../../other-customer-session-dir"); fails) Actual result: -------------- session is saved in /other-customer-session-dir