ID: 10322
User Update by: [EMAIL PROTECTED]
Status: Open
Bug Type: PHP options/info functions
Description: Logical error in fopen-wrappers.c
I thought, while I'm here, I'd submit a patch to fix this.
The patch also includes support for an additional special case in php.ini's
open_basedir.
The current "." allows scripts to access files in the same directory as the script.
"DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's
directory tree. DOCUMENT_ROOT is calculated by PATH_TRANSLATED and removing
SCRIPT_URI from the end - This conveniently works for both full Apache Virtalhosts and
mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost
- just check what PATH_TRANSLATED and SCRIPT_URI is set to in phpinfo() - if removing
the latter from the former is the sites docroot then you are away).
Anyway, the patch: code shamelessly copied from the "." segment :)
*** main/fopen-wrappers.c.orig Fri Apr 13 17:50:02 2001
--- main/fopen-wrappers.c Sat Apr 14 01:46:28 2001
***************
*** 141,151 ****
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
int local_open_basedir_pos;
SLS_FETCH();
/* Special case basedir==".": Use script-directory */
! if ((strcmp(PG(open_basedir), ".") == 0) &&
SG(request_info).path_translated &&
*SG(request_info).path_translated
) {
--- 141,167 ----
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+ char *local_open_request_uri;
int local_open_basedir_pos;
SLS_FETCH();
+ /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the
+ * virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI
+ * [EMAIL PROTECTED]
+ */
+ if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) &&
+ SG(request_info).path_translated &&
+ *SG(request_info).path_translated ) {
+ /* Copy path_translated to local_open_basedir, the look in
+ this string for where request_uri starts and zero that byte
+ thus leaving local_open_basedir set to the virtualhost's
+ DOCUMENT_ROOT */
+ strlcpy(local_open_basedir, SG(request_info).path_translated, si
zeof(local_open_basedir));
+ local_open_request_uri=strstr(local_open_basedir,SG(request_info
).request_uri);
+ if (local_open_request_uri) *local_open_request_uri = '\0';
+ } else
/* Special case basedir==".": Use script-directory */
! if ((strcmp(basedir, ".") == 0) &&
SG(request_info).path_translated &&
*SG(request_info).path_translated
) {
(I realise cut-n-paste into this window will convert all the nice TABS to spaces, so a
patch < this file isn't going to be as clean).
I'd really appreciate this being included in the next patchlevel / release as I'd
guess that anyone already using "." will want this.
Paul.
Previous Comments:
---------------------------------------------------------------------------
[2001-04-13 18:52:07] [EMAIL PROTECTED]
In main/fopen_wrappers.c I see that there is a function:
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path PLS_DC)
However "basedir" is never used in this function at all,
only PG(open_basedir).
Surely this negates the point of the function being called individually for each
tokenised entry on open_basedir/php.ini? I think it will only match, ever, on the
first entry in the config file.
So, should all references to PG(open_basedir) in php_check_specific_open_basedir() be
replaced with the arg basedir ?
Thanks,
Paul Gregg
(Hacking in support for DOCUMENT_ROOT as another "specical case")
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=10322
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
