From: johnsteed99 at yahoo dot it
Operating system: Linux Red Hat 7.2.2
PHP version: 4.3.7
PHP Bug Type: *Directory/Filesystem functions
Bug description: open_basedir misfunction with symbolic links
Description:
------------
We have a symbolic link to apache's htdocs:
/WWW -> /usr/local/apache2/htdocs
We are not in safe mode, but we set open_basedir. If we try to use a
function that has to create a file (move_uploaded_file, tempnam, fopen in
W mode, copy, etc.) and we specify a path using the symbolic link
(/WWW/mysite/upl), php does not allow us to proceed, alerting that
open_basedir restriction is in effect. If the file is present so it has
only to be opened, everything is fine. If we specify the real path
(/usr/local/apache2/htdocs/mysite/upl), it works both in creation and
opening. No problems found when opening files in read mode.
Specifying open_basedir as link or real path does not affect the problem.
We think the bug should be in fopen_wrappers.c, function
expand_filepath().
Reproduce code:
---------------
<?
if ($_POST["action"] == 'save')
{
$upl_dir = '/WWW/mysite/upl';
$upl_file = $upl_dir.$_FILES['userfile']['name'];
if (! move_uploaded_file( $_FILES['userfile']['tmp_name'],
$upl_file))
echo "failed<br>";
}
?>
<html>
<body bgcolor="#FFFFFF">
<form method="post" action="<? echo $PHP_SELF; ?>?action=save"
enctype="multipart/form-data">
Send a file:
<input type="file" name="userfile" />
<input type="submit" name="Submit" value="Send" />
</form>
</body>
</html>
Expected result:
----------------
Resolved destination directory is in open_basedir, so it should be allowed
to create a file.
Actual result:
--------------
When affected file is not existent, php does not allow to create it if a
directory in its path is specified using a symbolic link.
--
Edit bug report at http://bugs.php.net/?id=28947&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28947&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28947&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=28947&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=28947&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=28947&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=28947&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=28947&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=28947&r=support
Expected behavior: http://bugs.php.net/fix.php?id=28947&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=28947&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=28947&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=28947&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28947&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=28947&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=28947&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=28947&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28947&r=float
