ID: 42077 Updated by: [EMAIL PROTECTED] Reported By: spam2 at rhsoft dot net -Status: Bogus +Status: Assigned Bug Type: Session related Operating System: Linux PHP Version: 5CVS-2007-07-23 (snap) -Assigned To: +Assigned To: stas New Comment:
Re-opening and assign to Stas who has something cooking up for this. Previous Comments: ------------------------------------------------------------------------ [2007-07-23 09:12:07] [EMAIL PROTECTED] See http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3378 for why. ------------------------------------------------------------------------ [2007-07-23 08:00:31] spam2 at rhsoft dot net Description: ------------ The Session-Save-Dir MUST NOT be in open_basedir because scripts must not read session files for security! And a failed session_start() have not to be fatal error too Warning: session_start() [function.session-start.php]: open_basedir restriction in effect. File(/var/www/sessiondata) is not within the allowed path(s): (/mnt/data/www/www.rhsoft.net:/mnt/data/www/phpincludes:/usr/share/pear:/var/www/uploadtemp) in /mnt/data/www/www.rhsoft.net/test.php on line 2 Fatal error: session_start() [<a href='http://at.php.net/manual/de/function.session-start.php'>function.session-start.php</a>]: Failed to initialize storage module: files (path: /var/www/sessiondata) in /mnt/data/www/www.rhsoft.net/test.php on line 2 Reproduce code: --------------- <?php session_start(); ?> Expected result: ---------------- A started session Actual result: -------------- A killed script ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42077&edit=1