PHP :: Bug #7973 :: Safe Mode absolute path behaviour changed

Bug #7973	Safe Mode absolute path behaviour changed
Submitted:	2000-11-25 17:06 UTC	Modified:	2002-01-02 13:51 UTC
From:	james at mcglinn dot org	Assigned:
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	4.0.3pl1	OS:	Red Hat Linux 5.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	james at mcglinn dot org
New email:
PHP Version:		OS:

New/Additional Comment:

[2000-11-25 17:06 UTC] james at mcglinn dot org

Under PHP 4.0.1pl2 running in Safe Mode with the php_doc_root admin flag set to the user's home directory, a require()'d or include()'d (or auto_prepended) file could be specified as '/html/path/to/file', which would be evaluated as php_doc_root/html/path/to/file.

After upgrading to PHP 4.0.3pl1 this is no longer working, and all files appear to require their absolute paths to be used, ie $DOCUMENT_ROOT . "/path/to/file".

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-12-12 06:29 UTC] yohgaki@php.net

Nobody has touched this bug report for a long time.
Is this still a issue?

To reporter: Could you try 4.1.0 see if there is problem?

[2001-12-12 08:41 UTC] yohgaki@php.net

Status = Feedback

[2002-01-02 13:51 UTC] lobbin@php.net

No feedback. Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue May 07 10:01:32 2024 UTC