From: [EMAIL PROTECTED]
Operating system: NT
PHP version: 4.0.4pl1
PHP Bug Type: Unknown/Other Function
Bug description: Copy function is not affected by the security settings
It appears that the copy function is not affected by the security restrictions set on
the php.ini file
PHP.ini:
Safe_mode=On
Open_basedir=d:\www\htdocs
With a script like:
print('<font color=#007700>Try to copy() c:\winnt\win.ini to
d:\www\htdocs\phptest</tr></font><br>');
if (!copy('c:\winnt\win.ini', 'd:\www\htdocs\phptest\win.ini')) {
print('<font color=#007700><b>OK</b>: Copy() Failed</font>');
}
else
{
print('<font color=#DD0000><b>Warning</b>: Copy() Succeeded!!!</font>');
}
print('<br>=====================================================<br>');
print('<font color=#007700>Try to fopen() file
d:\www\htdocs\phptest\win.ini</font><br>');
if (!fopen( 'd:\www\htdocs\phptest\win.ini', 'r' )) {
print('<font color=#007700><b>OK</b>: Fopen() Failed</font>');
}
else
{
print('<font color=#DD0000><b>Warning</b>: Fopen() Succeeded!!!</font>');
}
I can copy a file from a forbiden directory to an allowed one and the read it.
Other functions that I have tested don't have this "bug".
I tested with Apache for Windows 1.3.14 and the PHP4 module
Best regards,
Victor Fernandes
--
Edit Bug report at: http://bugs.php.net/?id=9526&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
