Bug #46888 [Com]: copy() : safe_mode / allow_url_fopen does not allow opening urls

[maurice dot sienema at isp dot solcon dot nl]

Edit report at https://bugs.php.net/bug.php?id=46888&edit=1

 ID:                 46888
 Comment by:         maurice dot sienema at isp dot solcon dot nl
 Reported by:        php at degoulet dot net
 Summary:            copy() : safe_mode / allow_url_fopen does not allow
                     opening urls
 Status:             Verified
 Type:               Bug
 Package:            Safe Mode/open_basedir
 Operating System:   *
 PHP Version:        5.2.9
 Block user comment: N
 Private report:     N

 New Comment:

I can reproduce this issue on PHP 5.3.13


Previous Comments:
------------------------------------------------------------------------
[2011-11-09 14:58:15] czigor at freemail dot hu

Same here on php 5.2.17, Linux blue 2.6.37-fw2.

------------------------------------------------------------------------
[2011-05-20 02:32:41] macmiranda at gmail dot com

same on centos 5.5 php 5.2.17

------------------------------------------------------------------------
[2009-09-01 16:21:41] sjo...@php.net

Could reproduce. With safe mode, files which are handled by stream wrappers are 
checked against the filesystem. This is wrong.

------------------------------------------------------------------------
[2009-05-15 14:04:27] christian at elmerot dot se

You apply the patch using the command patch when you build PHP from the 
sourcecode. If you've never done this before I cannot recommend that you do 
this for something like PHP.

If you still go ahead, download the PHP sourcecode, extract it and read the 
files (README and INSTALL). Check documentation for using the patch command 
(man patch). in general you save the patch to a file (lets call it 
safemode.patch) then you simply run "patch main/safe_mode.c < safemode.patch" 
in the folder where you unpacked the source

------------------------------------------------------------------------
[2009-04-28 13:32:43] neo at nord-style dot com

Hello, I've the same problem but I don't understand how use this patch. 
Actually safe_mode off but it's not a solution.

How and Where Am i use this :
---------------
diff -Nur php-5.2.8/main/safe_mode.c php-5.2.8_1/main/safe_mode.c
--- php-5.2.8/main/safe_mode.c  2008-07-24 18:01:59.000000000 +0200
+++ php-5.2.8_1/main/safe_mode.c        2008-12-17 15:01:07.502862702 +0100
@@ -52,6 +52,7 @@
        long uid=0L, gid=0L, duid=0L, dgid=0L;
        char path[MAXPATHLEN];
        char *s, filenamecopy[MAXPATHLEN];
+       php_stream_wrapper *wrapper = NULL;
        TSRMLS_FETCH();
 
        path[0] = '\0';
@@ -72,6 +73,15 @@
                        mode = CHECKUID_CHECK_FILE_AND_DIR;
                }
        }
+
+       /* 
+        * If given filepath is a URL, allow - safe mode stuff
+        * related to URL's is checked in individual functions
+        * Possibly/likely allows for safe_mode bypass!!!
+        */
+       wrapper = php_stream_locate_url_wrapper(filename, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
+       if ((wrapper != NULL) && (strstr(filename, "..\/") == NULL))
+               return 1;
                
        /* First we see if the file is owned by the same user...
         * If that fails, passthrough and check directory...
---------------

Thx

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=46888


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=46888&edit=1