|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79851 open_basedir no longer restricts access to http://
Submitted: 2020-07-13 12:38 UTC Modified: 2020-07-13 13:28 UTC
From: Assigned: cmb (profile)
Status: Closed Package: Filesystem function related
PHP Version: 8.0.0alpha2 OS: archLinux
Private report: No CVE-ID: None
 [2020-07-13 12:38 UTC]
Previously open_basedir would prevent file-functions from accessing protocols such as http. It no longer does, and this change doesn't appear to be documented anywhere. This might simply need an entry in upgrading as is correct according to

originally found as

Test script:
$file = '';
$newfile = 'example.txt';

copy($file, $newfile);

Expected result:
Warning: copy(): open_basedir restriction in effect. File( is not within the allowed path(s): (/tmp:/in:/etc) in /in/oLWdo on line 5

Actual result:
Warning: copy(): php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /in/oLWdo on line 5


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-13 12:59 UTC]
-Assigned To: +Assigned To: cmb
 [2020-07-13 12:59 UTC]
This one probably isn't PHP 8 specific, just not rolled out on earlier branches yet. It's presumably introduced by

@cmb: The new behavior is correct, right?
 [2020-07-13 13:17 UTC]
-Status: Assigned +Status: Feedback
 [2020-07-13 13:17 UTC]
> The new behavior is correct, right?

In my opinion, yes.  Why should open_basedir affect HTTP URLs?

I don't even think this needs a special note (UPGRADING or such).
It's just a bug fix, isn't it?
 [2020-07-13 13:21 UTC]
Yeah, seeing how this just matches the behavior with other functions like fopen(), I don't think special action is needed.
 [2020-07-13 13:28 UTC]
-Status: Feedback +Status: Closed
 [2020-07-13 13:28 UTC]
I agree, but I think some people will be bitten by this anyway which is why it might deserve a line in UPGRADING
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 24 12:01:31 2024 UTC