ID: 32851 Updated by: [EMAIL PROTECTED] Reported By: stegelmann at rz dot rwth-aachen dot de -Status: Open +Status: Bogus Bug Type: Safe Mode/open_basedir Operating System: SunOS 5.8 PHP Version: 4.3.11 New Comment:
This is expected behaviour and it's documented in the docs: "When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink." http://www.php.net/manual/en/features.safe-mode.php Pay attentions to the last sentence. Previous Comments: ------------------------------------------------------------------------ [2005-04-27 14:45:30] stegelmann at rz dot rwth-aachen dot de To perhaps clarify - after the file was created with your code: $f = fopen("/export2/home/websites/it/test", "w"); the previously unsuccessful attempt: $f = fopen("/export/home/websites/it/test", "w"); does work (as I mentioned in the initial report). So just the file's creation fails in combination with the symlink. ------------------------------------------------------------------------ [2005-04-27 14:29:51] stegelmann at rz dot rwth-aachen dot de $f = fopen("/export2/home/websites/it/test", "w"); does work. ------------------------------------------------------------------------ [2005-04-27 12:59:39] [EMAIL PROTECTED] Does this work: $f = fopen("/export2/home/websites/it/test", "w"); ie. writing to the actual directory..? ------------------------------------------------------------------------ [2005-04-27 12:05:45] stegelmann at rz dot rwth-aachen dot de Description: ------------ We have some Apache/1.3.31 vhosts with open_basedir restrictions: php_admin_value open_basedir "/export/home/websites/it/:/export2/home/websites/it/:/tmp/:/var/tmp/" /export/home/websites/it/ is a symlink to the directory /export2/home/websites/it/ . A script writing to an existing file in /export/home/websites/it/ works without a flaw. Removing the file (so the script should create the file) produces an open_basedir warning. (The creation of a file in the real directory /export2/home/websites/it/ works.) I've already checked the (symlink-)ownership and directory-permissions. safe_mode is disabled for testing purposes. Reproduce code: --------------- <? $f = fopen("/export/home/websites/it/test", "w"); ?> Expected result: ---------------- As the file's path is in the allowed paths the file should be created (as it can be read when it exists). Actual result: -------------- Warning: fopen(): open_basedir restriction in effect. File(/export/home/websites/it/test) is not within the allowed path(s): (/export/home/websites/it:/export2/home/websites/it:/tmp/:/var/tmp/) in /export2/home/websites/it/test.php on line 2 Warning: fopen(/export/home/websites/it/test): failed to open stream: Not owner in /export2/home/websites/it/test.php on line 2 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32851&edit=1
