php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9526 Copy function is not affected by the security settings
Submitted: 2001-03-02 09:45 UTC Modified: 2005-01-31 23:03 UTC
From: victor dot dias-fernandes at cec dot eu dot int Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 4.0.4pl1 OS: NT
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: victor dot dias-fernandes at cec dot eu dot int
New email:
PHP Version: OS:

 

 [2001-03-02 09:45 UTC] victor dot dias-fernandes at cec dot eu dot int
It appears that the copy function is not affected by the security restrictions set on the php.ini file

PHP.ini:

Safe_mode=On
Open_basedir=d:\www\htdocs

With a script like:
print('<font color=#007700>Try to copy() c:\winnt\win.ini to d:\www\htdocs\phptest</tr></font><br>');
if (!copy('c:\winnt\win.ini', 'd:\www\htdocs\phptest\win.ini')) {
	print('<font color=#007700><b>OK</b>: Copy() Failed</font>');
}
else
{
	print('<font color=#DD0000><b>Warning</b>: Copy() Succeeded!!!</font>');
}
print('<br>=====================================================<br>');
print('<font color=#007700>Try to fopen() file d:\www\htdocs\phptest\win.ini</font><br>');
if (!fopen( 'd:\www\htdocs\phptest\win.ini', 'r' )) {
	print('<font color=#007700><b>OK</b>: Fopen() Failed</font>');
}
else
{
	print('<font color=#DD0000><b>Warning</b>: Fopen() Succeeded!!!</font>');
}

I can copy a file from a forbiden directory to an allowed one and the read it.

Other functions that I have tested don't have this "bug".

I tested with Apache for Windows 1.3.14 and the PHP4 module

Best regards,

Victor Fernandes

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-19 18:53 UTC] rasmus@php.net
Fixed in CVS
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Jan 29 12:01:24 2020 UTC