ID: 10322
Updated by: jason
Old-Status: Open
Status: Bogus
Bug Type: PHP options/info functions
PHP Version: 4.0.4pl1
Assigned To: 

This is almost an exact copy of a patch I had submitted in October of 2000.(before I 
became a contributor).
This idea (and many others) was on hold to a cleaner redesign of safe_mode.

There is NO logical error, basedir is used, check the patch that YOU *supposedly* 
submited, it uses basedir. 
Please don't try and claim other peoples code as your own.

Marked as Bogus


Previous Comments:

[2001-04-14 08:20:55] [EMAIL PROTECTED]
Thanks for the response, however, can you confirm that there is a logical coding error 

The DOCUMENT_ROOT patch is secondary and would be nice - but is the bug going to be 
fixed in 4.0.5 ?




[2001-04-14 05:34:04] [EMAIL PROTECTED]
This will not make it into 4.0.5 as this was branched a while back but it might well 
make it into 4.0.6. Ill get a developer to look at this patch.

- James


[2001-04-13 20:57:35] [EMAIL PROTECTED]
I thought, while I'm here, I'd submit a patch to fix this.

The patch also includes support for an additional special case in php.ini's 
The current "." allows scripts to access files in the same directory as the script.
"DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's 
directory tree.  DOCUMENT_ROOT is calculated by PATH_TRANSLATED and removing 
SCRIPT_URI from the end - This conveniently works for both full Apache Virtalhosts and 
mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost 
- just check what PATH_TRANSLATED and SCRIPT_URI is set to in phpinfo() - if removing 
the latter from the former is the sites docroot then you are away).

Anyway, the patch: code shamelessly copied from the "." segment :)

*** main/fopen-wrappers.c.orig  Fri Apr 13 17:50:02 2001
--- main/fopen-wrappers.c       Sat Apr 14 01:46:28 2001
*** 141,151 ****
        char resolved_name[MAXPATHLEN];
        char resolved_basedir[MAXPATHLEN];
        char local_open_basedir[MAXPATHLEN];
        int local_open_basedir_pos;

        /* Special case basedir==".": Use script-directory */
!       if ((strcmp(PG(open_basedir), ".") == 0) &&
                SG(request_info).path_translated &&
                ) {
--- 141,167 ----
        char resolved_name[MAXPATHLEN];
        char resolved_basedir[MAXPATHLEN];
        char local_open_basedir[MAXPATHLEN];
+       char *local_open_request_uri;
        int local_open_basedir_pos;

+       /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the
+        * virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI
+        * [EMAIL PROTECTED]
+        */
+       if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) &&
+               SG(request_info).path_translated &&
+               *SG(request_info).path_translated ) {
+               /* Copy path_translated to local_open_basedir, the look in
+                  this string for where request_uri starts and zero that byte
+                  thus leaving local_open_basedir set to the virtualhost's
+                  DOCUMENT_ROOT */
+               strlcpy(local_open_basedir, SG(request_info).path_translated, si
+               local_open_request_uri=strstr(local_open_basedir,SG(request_info
+               if (local_open_request_uri) *local_open_request_uri = '

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to