From:             [EMAIL PROTECTED]
Operating system: Solaris 8 & Linux Madrake
PHP version:      4.2.3
PHP Bug Type:     PHP options/info functions
Bug description:  open_basedir not working

a scripts located in open_basedir path is unable to include another script
in the same directory with error " open_basedir restriction in effect.
File is in wrong directory" where the first script is included
from another script.

You can reproduce this situation with 3 php scripts with safe_mode on:

/usr/local/http-docs/common/scripts/test.php --------------

<?php
include("test/test.php");
?>

/usr/local/http-docs/common/lib/test/test.php -------------

<?php
phpinfo();
include("hello.php");
?>

/usr/local/http-docs/common/lib/test/hello.php -------------

<?php
echo "hello world";
?>

Apache configuration to reproduce the situation --------------

<Directory "/usr/local/http-docs/common/lib/">
    Options none
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

Alias /scripts/ "/usr/local/http-docs/common/scripts/"

<Directory "/usr/local/http-docs/common/scripts/">
    Options none
    AllowOverride None
    Order allow,deny
    Allow from all
    php_admin_value open_basedir
/usr/local/http-docs/common/scripts/:/usr/local/http-docs/common/lib
</Directory>

<VirtualHost 192.168.0.3>
        ServerName 192.168.0.3
        DocumentRoot /usr/local/http-docs/test
        php_admin_value open_basedir
/usr/local/http-docs/test:/usr/local/http-docs/common/lib:/var/tmp:/usr/local/lib/php
        php_admin_value doc_root /usr/local/http-docs/test
</VirtualHost>

to reproduce the error just go to https://192.168.0.3/scripts/test.php
altough phpinfo() on /usr/local/http-docs/common/lib/test/test.php
shows that open_basedir includes /usr/local/http-docs/common/lib
php fails to open hello.php

php configure line (Solaris):

./configure --with-mysql --with-apache=$(APACHE) \
                --enable-track-vars --enable-versioning \
                --enable-sockets --enable-dbase \
                --enable-exif \
                --enable-ftp --with-mm \
                --with-dbase --with-ftp --with-ndbm \
                --with-gd=/usr/local --enable-gd-native-ttf \
                --with-zlib-dir=/usr/local \
                --with-curl=/usr/local --with-openssl \
                --with-pcre --with-mcrypt=/usr/local/lib --with-xml \
                --enable-ucd-snmp-hack \
                --enable-inline-optimization \
                --disable-debug --disable-display-source \
                --with-jpeg-dir=/opt/sfw \
                --with-imap=$(IMAP) --with-zlib \
                --with-png-dir=/opt/sfw --with-tiff-dir=/opt/sfw

-- 
Edit bug report at http://bugs.php.net/?id=20117&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20117&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20117&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20117&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20117&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20117&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20117&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20117&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20117&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20117&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20117&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20117&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20117&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20117&r=isapi

Reply via email to