ID: 24304
Updated by: [EMAIL PROTECTED]
Reported By: eugen at iwep dot ab dot ru
-Status: Open
+Status: Bogus
Bug Type: Filesystem function related
Operating System: FreeBSD
PHP Version: 4.3.2
New Comment:
Check your php.ini options, can't reproduce.
Previous Comments:
------------------------------------------------------------------------
[2003-06-23 19:59:17] eugen at iwep dot ab dot ru
Description:
------------
I found bug? if i use SAFE MODE and function fopen I may show other
document diferent user, make rwxrw-rw attribute on public_html home
directrory
User1
public_html rwxrw-rw-
cack.php
$data="";M
$fp=fopen("../../User2/public_html/index.php","r");M
while(!feof($fp)){M
$data.=fread($fp,1024);
}M
fclose($fp);M
highlight_string($data);M
User2
public_html rwxr-xr-x
index.php
Reproduce code:
---------------
<?
$data="";M
$fp=fopen("../../User2/public_html/index.php","r");M
while(!feof($fp)){M
$data.=fread($fp,1024);
}M
fclose($fp);M
highlight_string($data);M
?>
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=24304&edit=1
