#22220 [Com]: can't turn open_basedir off anymore since 4.2.3 -> 4.3.0

Fri, 14 Feb 2003 02:25:15 -0800 

 ID:               22220
 Comment by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Apache related
 Operating System: FreeBSD 4.7-STABLE
 PHP Version:      4.3.0
 New Comment:

Hmm
it works for my system

open_basedir = '/www'; in php.ini
and in apache <directory> directive i have
php_admin_value open_basedir none
which works grand. did you try actually acessing a file outside the
docroot?


Previous Comments:
------------------------------------------------------------------------

[2003-02-14 04:03:11] [EMAIL PROTECTED]

I have this in my php.ini as default:

open_basedir = /var/www

I have a virtualhost block like this:

<VirtualHost 192.168.0.1>
  ServerName "host.example.com"
  DocumentRoot "/var/www/host.example.com/root"
  <Directory "/var/www/host.example.com/root/admin">
    Options Indexes ExecCgi
    php_admin_value safe_mode 0
    php_admin_value open_basedir "/"
  </Directory>
</VirtualHost>

The goal is to force a default open_basedir of "/var/www" to
everything, except the explicitly specified /admin directory and
contents (same with safe_mode).

First, I read that setting the open_basedir to "/" doesn't work anymore
in http://bugs.php.net/bug.php?id=22101. Seems kinda weird as the
documentation states:

[The restriction specified with open_basedir is actually a prefix, not
a directory name. This means that "open_basedir = /dir/incl" also
allows access to "/dir/include" and "/dir/incls" if they exist. When
you want to restrict access to only the specified directory, end with a
slash. For example: "open_basedir = /dir/incl/"]

But besides that, specifying 'none' as open basedir in the virtualhost
doesn't turn it off, it uses the default of /var/www, and I haven't
found a way to set the open_basedir to NULL.

So, as I see it either the 'none' setting isn't working correctly and
needs to be fixed or the possibility of setting the open_basedir to "/"
needs to be put back in.

Unless I'm overseeing some very trivial way of turning the open_basedir
restriction off of course.

Thanks in advance.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=22220&edit=1

Reply via email to