Bug #48880 [Com]: Random Appearing open_basedir problem

Sat, 11 May 2013 08:14:49 -0700 

Edit report at https://bugs.php.net/bug.php?id=48880&edit=1

 ID:                 48880
 Comment by:         spam2 at rhsoft dot net
 Reported by:        brwarner at rogers dot com
 Summary:            Random Appearing open_basedir problem
 Status:             Closed
 Type:               Bug
 Package:            Safe Mode/open_basedir
 Operating System:   *
 PHP Version:        5.3SVN-2009-07-27 (snap)
 Block user comment: N
 Private report:     N

 New Comment:

i see this randomly with Apache 2.4.4 and PHP 5.4.14/5.4.15 on Fedora x86_64 
and it seems for me that this problem came back a short time ago because it is 
very new for me and i have this only seen with a PHP6-snapshot years ago until 
now


Previous Comments:
------------------------------------------------------------------------
[2009-07-31 21:10:11] ras...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2009-07-31 21:09:46] s...@php.net

Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&revision=286602
Log: Fix bug #48880
The ini entry was being corrupted because it wasn't being set
on the ACTIVATE and DEACTIVATE stages.

------------------------------------------------------------------------
[2009-07-31 03:34:00] starcraftmazter at gmail dot com

I think this bug is closely related to 48744
http://bugs.php.net/bug.php?id=48744

To say what I said in the other bug report,

I can confirm that I have a very similar issue. I have been running PHP
with open_basedir for quite some time. I upgraded to php 5.3.0 recently,
previously having ran php 5.2.5. Immediately after installing the newly
compiled version, the issues began.

The problem as I experience it, is that the "open_basedir" setting seems
to be composed of random, non latin1 characters (displayed as symbols by
the browser). I cannot draw any reasons as to which users are affected
by this or why, but it does not happen to everyone - it is seemingly
random.

I am using CentOS 5.3 with the latest cPanel 11 on CURRENT which manages
the open_basedir. I am using Apache 2.2.6.

My compile string is as follows;

'./configure' '--prefix=/usr/local'
'--with-apxs2=/usr/local/apache/bin/apxs' '--enable-bcmath'
'--enable-calendar' '--enable-exif' '--enable-ftp'
'--enable-gd-native-ttf' '--enable-libxml' '--enable-mbstring'
'--enable-soap' '--enable-sockets' '--enable-zip' '--with-bz2'
'--with-curl=/opt/curlssl/' '--with-curlwrappers'
'--with-freetype-dir=/usr' '--with-gd' '--with-gettext'
'--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr'
'--with-jpeg-dir=/usr' '--with-kerberos' '--with-libdir=lib64'
'--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/'
'--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/'
'--with-openssl-dir=/usr' '--with-pic' '--with-png-dir=/usr'
'--with-xpm-dir=/usr' '--with-xsl=/opt/xslt/' '--with-zlib'
'--with-zlib-dir=/usr' '--with-openssl=/usr' '--with-mysql'
'--with-mysqli' '--with-pgsql' '--with-sqlite=shared'
'--enable-pdo=shared' '--with-pdo-sqlite=shared'
'--with-pdo-mysql=shared' '--with-pdo-pgsql=shared'
'--with-magickwand=/usr/local/bin'

You can check other relevant settings here:
http://liway.com/test.php

For reference, here is the screenshot of the exact error message which
one of the accounts is getting, which shows the open_basedir setting
being composed of weird characters.
http://img75.imageshack.us/img75/6261/screenshot1a.png
The situation involves phpbb3 trying to include parts of itself, so I am
confident that it should be allowed, as it's in the same directory or
close directories within a single account home folder.

The second screenshot is of the relevant open_basedir setting in the
httpd.conf file. I have checked the settings against those in the
virtual hosts of other accounts where open_basedir works without errors,
and I can confirm that they are absolutely identical (apart from the
actual home directory).
http://img75.imageshack.us/img75/626/screenshot2w.png

Needless to say, this is a very serious issue, as open_basedir is an
extremely important security measure for those of us who don't run
suPHP, and now it is impossible to use it because of these problems.

I'm available daily for testing, hope this bug report will get some new
attention for developers.

Cheers

------------------------------------------------------------------------
[2009-07-30 13:19:21] tobias dot rausch at web dot de

I'm expecting the same problem with Suse, Apache2 and PHP5.3 .
I configured open_basedir correctly in vhost.conf and included this conf files 
into httpd.include.
I think it is really strange because if you reload a page, sometimes the error 
changes or it even disappears for some reason..
I had this type of the error only due to some reloads:
1. Warning: Unknown: open_basedir restriction in effect. 
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
 is not within the allowed path(s): (¢­¶/www/vhosts/myrausch.de/httpdocs) in 
Unknown on line 0

2. Warning: Unknown: open_basedir restriction in effect. 
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
 is not within the allowed path(s): (p.—… ) in Unknown on line 0

3. Warning: Unknown: open_basedir restriction in effect. 
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
 is not within the allowed path(s): (de-de,de;q=0.8,en-us;q=0.5,en;q=0.3) in 
Unknown on line 0

The third one is really strange because it seems to me that the open_basedir 
paths look like some language codes?!

------------------------------------------------------------------------
[2009-07-30 02:15:50] brwarner at rogers dot com

Sorry, I didn't know I had to change it to "open," this is my first bug 
report.
This bug still happens to mean, and it gets annoying especially when 
javascript is used to load other pages for information - as then 
javascript has a bunch of errors making the page appear wrong as opposed 
to even showing an error message.)

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=48880


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=48880&edit=1

Reply via email to