ID: 41492 Updated by: [EMAIL PROTECTED] Reported By: bugs dot php dot net at chsc dot dk -Status: Open +Status: Closed Bug Type: Safe Mode/open_basedir Operating System: Linux PHP Version: 5.2.2 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-05-24 15:55:54] bugs dot php dot net at chsc dot dk Description: ------------ file_exists() etc. does not allow checking the existence of files outside the directories specified in open_basedir. Appearently readfile() does *not* have this restriction and thus allows checking the existence of files anywhere in the filesystem. If realpath($filename) returns a string (i.e. not false), the file exists. This is a circumvention of the open_basedir restriction in file_exists() etc. Reproduce code: --------------- The following should always be true, but it isn't when $dir is outside the directories specified in open_basedir: var_dump(file_exists($dir) === (bool) realpath($dir)); ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41492&edit=1
