#28947 [Opn]: open_basedir misfunction with symbolic links

Mon, 28 Jun 2004 05:40:44 -0700 

 ID:               28947
 User updated by:  johnsteed99 at yahoo dot it
 Reported By:      johnsteed99 at yahoo dot it
 Status:           Open
 Bug Type:         *Directory/Filesystem functions
 Operating System: Linux Red Hat 7.2.2
 PHP Version:      4.3.7
 New Comment:

In the code, $upl_dir misses last slash, so line 4 should be
$upl_dir = '/WWW/mysite/upl/';


Previous Comments:
------------------------------------------------------------------------

[2004-06-28 12:51:54] johnsteed99 at yahoo dot it

Description:
------------
We have a symbolic link to apache's htdocs:
/WWW -> /usr/local/apache2/htdocs
We are not in safe mode, but we set open_basedir. If we try to use a
function that has to create a file (move_uploaded_file, tempnam, fopen
in W mode, copy, etc.) and we specify a path using the symbolic link
(/WWW/mysite/upl), php does not allow us to proceed, alerting that
open_basedir restriction is in effect. If the file is present so it has
only to be opened, everything is fine. If we specify the real path
(/usr/local/apache2/htdocs/mysite/upl), it works both in creation and
opening. No problems found when opening files in read mode.
Specifying open_basedir as link or real path does not affect the
problem. We think the bug should be in fopen_wrappers.c, function
expand_filepath().

Reproduce code:
---------------
<?
    if ($_POST["action"] == 'save')
    {
        $upl_dir = '/WWW/mysite/upl';
        $upl_file = $upl_dir.$_FILES['userfile']['name'];
        if (! move_uploaded_file( $_FILES['userfile']['tmp_name'],
$upl_file))
            echo "failed<br>";
    }
?>
<html>
<body bgcolor="#FFFFFF">
    <form method="post" action="<? echo $PHP_SELF; ?>?action=save"
enctype="multipart/form-data">
        Send a file:
        <input type="file" name="userfile" />
        <input type="submit" name="Submit" value="Send" />
    </form>
</body>
</html>


Expected result:
----------------
Resolved destination directory is in open_basedir, so it should be
allowed to create a file.

Actual result:
--------------
When affected file is not existent, php does not allow to create it if
a directory in its path is specified using a symbolic link.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=28947&edit=1

Reply via email to