Edit report at https://bugs.php.net/bug.php?id=65489&edit=1
ID: 65489
Updated by: a...@php.net
Reported by: a...@php.net
Summary: glob() basedir check is inconsistent
Status: Open
Type: Bug
Package: Filesystem function related
Operating System: irrelevant
PHP Version: Irrelevant
Block user comment: N
Private report: N

New Comment:

Here's also a pull request implementing GlobIterator where this topic was discussed
https://github.com/php/php-src/pull/398

Previous Comments:
------------------------------------------------------------------------
[2013-08-20 15:43:10] a...@php.net

Description:
------------
As documentation states "Returns an array containing the matched files/directories, an empty array if no file matched or FALSE on error." whereby in case when internal glob() has returned NOMATCH, there's no reliable way to do basedir check.

As examples below illustrate, when the glob query is complex, glob() returned NOMATCH and query is valid within basedir, it still will return bool(false) to the userspace in most cases. If the result is empty, using php_check_open_basedir_ex() on the pattern will work "somehow" only if it's a direct filesystem path or close to it, so generally such check is senseless. Therefore what documentation states about returning an empty array vs. false cannot be guaranteed.

The same misbehavior persists on Windows with correspondingly modified queries.

Test script:
---------------
<?php

ini_set("open_basedir", "/etc");

/* found */
var_dump(glob("/etc"));

/* found given you're on debian :) */
var_dump(glob("/???/issue"));

/* basedir restriction */
var_dump(glob("/usr"));

/* basedir restriction, but that's a random result.
   PHP does not really check /usr/nonono and /etc/nonono against basedir */
var_dump(glob("/{usr,etc}/nonono", GLOB_BRACE));

/* erroneous basedir restriction */
var_dump(glob("/[e]??/hey"));

/* erroneous basedir restriction */
var_dump(glob("/???/absent"));

Expected result:
----------------
array(1) {
  [0]=>
  string(4) "/etc"
}
array(1) {
  [0]=>
  string(10) "/etc/issue"
}
bool(false)
bool(false)
array(0) {
}
array(0) {
}

Actual result:
--------------
array(1) {
  [0]=>
  string(4) "/etc"
}
array(1) {
  [0]=>
  string(10) "/etc/issue"
}
bool(false)
bool(false)
bool(false)
bool(false)

------------------------------------------------------------------------
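
An added illustration (not part of the original report and not php-src code) of why testing the pattern string itself against open_basedir gives the wrong answer for wildcard patterns, next to a segment-by-segment test that asks whether the pattern could match anything at or below the basedir. The function names are hypothetical; the sketch assumes absolute patterns, a single basedir, no symlinks or ".." segments, and does not expand GLOB_BRACE alternatives.

```php
<?php
// Added illustration. Pure string logic: nothing here touches the filesystem.

/** Split an absolute path or pattern into its non-empty segments. */
function segments(string $path): array
{
    return array_values(array_filter(explode('/', $path), fn($s) => $s !== ''));
}

/** Simplified model of checking the pattern as if it were a literal path. */
function literal_check(string $pattern, string $basedir): bool
{
    $base = rtrim($basedir, '/');
    return $pattern === $base
        || strncmp($pattern, $base . '/', strlen($base) + 1) === 0;
}

/** Could any path matched by $pattern lie at or below $basedir? */
function pattern_may_match_under(string $pattern, string $basedir): bool
{
    $pat  = segments($pattern);
    $base = segments($basedir);
    if (count($pat) < count($base)) {
        return false; // the pattern can only name ancestors of the basedir
    }
    // Wildcards never cross "/", so each basedir component must match
    // the pattern segment at the same depth.
    foreach ($base as $i => $dir) {
        if (!fnmatch($pat[$i], $dir)) {
            return false;
        }
    }
    return true; // deeper pattern segments name entries below the basedir
}

$basedir = '/etc'; // same open_basedir value as the test script above
foreach (['/usr', '/[e]??/hey', '/???/absent'] as $pattern) {
    printf("%-12s literal=%-5s segment-wise=%s\n", $pattern,
        var_export(literal_check($pattern, $basedir), true),
        var_export(pattern_may_match_under($pattern, $basedir), true));
}
```

A userland wrapper could use the segment-wise test to turn a `false` from glob() into an empty array when the pattern is valid within the basedir and simply matched nothing.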