From: suicas at gmail dot com Operating system: Solaris 10 PHP version: 5.2.4 PHP Bug Type: Directory function related Bug description: require/include fail to read file with ../ in path
Description: ------------ Trying to include or require a file containing '../' in its path fails with permission denied or file not found. I've made sure that suhosin has not been loaded, and that safe mode is turned off while testing this, and can provide PHP's configure line and php.ini changes if needed. This may to be related to closed bug #39351 (http://bugs.php.net/bug.php?id=39351). Reproduce code: --------------- File /www/included.php: <?php echo 'Included ' ?> File /www/a/index.php: <?php echo substr(sprintf('%o ', fileperms('/www/included.php')), -5); include('/www/included.php'); echo substr(sprintf('%o ', fileperms('../included.php')), -5); include('../included.php'); ?> Expected result: ---------------- When viewing file /www/a/index.php from a web browser: 0644 Included 0644 Included When running PHP from the command line on /www/a/index.php: 0644 Included 0644 Included Actual result: -------------- >From a web browser: 0644 Included 0644 Warning: include(../included.php) [function.include]: failed to open stream: Permission denied in /www/a/index.php on line 6 Warning: include() [function.include]: Failed opening '../included.php' for inclusion (include_path='.:/opt/php5/lib/php') in /www/a/index.php on line 6 >From the command line: 0644 Included Warning: fileperms(): stat failed for ../included.php in /www/a/index.php on line 5 Warning: include(../included.php): failed to open stream: No such file or directory in /www/a/index.php on line 6 Warning: include(): Failed opening '../included.php' for inclusion (include_path='.:/opt/php5/lib/php') in /www/a/index.php on line 6 -- Edit bug report at http://bugs.php.net/?id=42670&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=42670&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=42670&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=42670&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=42670&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=42670&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=42670&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=42670&r=needscript Try newer version: http://bugs.php.net/fix.php?id=42670&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=42670&r=support Expected behavior: http://bugs.php.net/fix.php?id=42670&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=42670&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=42670&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=42670&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=42670&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=42670&r=dst IIS Stability: http://bugs.php.net/fix.php?id=42670&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=42670&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=42670&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=42670&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=42670&r=mysqlcfg
