Bug #53516 [Com]: open_basedir BUG introduced in PHP 5.2.15

Wed, 02 Mar 2011 03:59:23 -0800 

Edit report at http://bugs.php.net/bug.php?id=53516&edit=1

 ID:                 53516
 Comment by:         webmaster at imposit dot com
 Reported by:        ofi at evil dot net dot pl
 Summary:            open_basedir BUG introduced in PHP 5.2.15
 Status:             Closed
 Type:               Bug
 Package:            Streams related
 Operating System:   Linux 2.6.36.1
 PHP Version:        5.2.15
 Assigned To:        iliaa
 Block user comment: N
 Private report:     N

 New Comment:

This seems not to be solved in 5.2.17 either

for example

open_basedir = /var/www



within /var/www/login.php  has

include ('step2.php');

/var/www/step2.php exist (same right as other files, readable...)

openbasedir restriction denies access to the file



you need to include('./step2.php')

to get it work





this is not possible, on my hosts running tousands of different php
scripts

does work until and including version 5.2.14


Previous Comments:
------------------------------------------------------------------------
[2010-12-15 14:50:48] joho at boojam dot se

Wouldn't this merit 5.2.16 considering it's "quite" fatal?

------------------------------------------------------------------------
[2010-12-10 13:50:36] [email protected]

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2010-12-10 13:50:27] [email protected]

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=306184
Log: Fixed bug #53516 (Regression in open_basedir handling).

------------------------------------------------------------------------
[2010-12-10 11:28:21] ofi at evil dot net dot pl

Description:
------------
Just look at:

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/fopen_wrappers.c?r1=303823&r2=306136



and



http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698



'-1' is missing in 5_2 branch

Test script:
---------------
Not needed - just enable open_basedir.

Expected result:
----------------
Working php script.

Actual result:
--------------
Open_basedir restriction...


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53516&edit=1

Reply via email to