ID: 19395 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed Bug Type: *General Issues Operating System: Linux 2.4.16-4GB (SuSE kernel) PHP Version: 4.2.3 New Comment:
This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2002-09-13 12:05:40] [EMAIL PROTECTED] In http://www.php.net/manual/en/printwn/configuration.php#ini.open-basedir it says: When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/" We have three test webs: /home/www/www1 /home/www/www4 /home/www/www102 Each web has it's own virtual host and open_basedir set to it's directory: For www1 phpinfo() says: safe_mode: On open_basedir: /home/www/www1/ (<- closing slash!) With test.php in /home/www/www1/html/ <? $parent = dir('/home/www/www102/html'); ?> I get: Warning: SAFE MODE Restriction in effect. ... Changing it to read www4's dir: <? $parent = dir('/home/www/www4/html'); ?> I get: Warning: open_basedir restriction in effect. File is in wrong directory ... So, the closing slash does not prevent www1's scripts accessing www1* scripts via open_basedir. With safe_mode deactivated www1 could read www1*'s dirs but not www4,www5,www6... dirs. Either the documentation is wrong or the slash at the end is ignored? Regards, Jan-Hendrik Benter ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=19395&edit=1
