Jason, I have looked at the URL you supplied below, and yes there are some similarities - I presume because the routine used is a replica of the other "." special case. I take great offense at being accused of copying your code. Further, you will note that your patch also contains the bug in referencing PG(open_basedir) instead of simply basedir - the argument supplied to the function. 4.0.4pl1 references PG(open_basedir) like yours, so your claim below is false. There are two issues here - The logical error in the routine and the additional support for another special case. Your solution attempts to provide a patch to enable php to access any other file in a virtual document root. Further, I can see that your patch will *only* work of in php.ini you use VIRTUAL_DOCUMENT_ROOT as the first entry in open_basedir. So, in conclusion, don't you think it concievable that perhaps someone else wanted to do the same as you, and simply copied the already supplied code special case for "."? I've been a net-contributer to the net for many years, which you can see from my site www.pgregg.com - many people have released software or documents similar to my own - but I've never accused anyone of plagarism and never been accused of it before. Paul Gregg in message <[EMAIL PROTECTED]>, Bug Database <[EMAIL PROTECTED]> writes: | ID: 10322 | Updated by: jason | Reported By: [EMAIL PROTECTED] | Old-Status: Open | Status: Bogus | Bug Type: PHP options/info functions | PHP Version: 4.0.4pl1 | Assigned To: | Comments: | | This is almost an exact copy of a patch I had submitted in October of 2000.(b |+efore I became a contributor). | http://marc.theaimsgroup.com/?l=php-dev&m=97145490702792&w=2 | This idea (and many others) was on hold to a cleaner redesign of safe_mode. | | There is NO logical error, basedir is used, check the patch that YOU *suppose |+dly* submited, it uses basedir. | Please don't try and claim other peoples code as your own. | | Marked as Bogus | | -Jason | | | Previous Comments: | --------------------------------------------------------------------------- | | [2001-04-14 08:20:55] [EMAIL PROTECTED] | Thanks for the response, however, can you confirm that there is a logical cod |+ing error here? | | The DOCUMENT_ROOT patch is secondary and would be nice - but is the bug going |+ to be fixed in 4.0.5 ? | | Regards, | | Paul. | | --------------------------------------------------------------------------- | | [2001-04-14 05:34:04] [EMAIL PROTECTED] | This will not make it into 4.0.5 as this was branched a while back but it mig |+ht well make it into 4.0.6. Ill get a developer to look at this patch. | | - James | | --------------------------------------------------------------------------- | | [2001-04-13 20:57:35] [EMAIL PROTECTED] | I thought, while I'm here, I'd submit a patch to fix this. | | The patch also includes support for an additional special case in php.ini's o |+pen_basedir. | The current "." allows scripts to access files in the same directory as the s |+cript. | "DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's |+ directory tree. DOCUMENT_ROOT is calculated by PATH_TRANSLATED and removing |+ SCRIPT_URI from the end - This conveniently works for both full Apache Virta |+lhosts and mod_aliased Mass virtual hosting (I don't know if this is true for |+ the newer mod_vhost - just check what PATH_TRANSLATED and SCRIPT_URI is set |+to in phpinfo() - if removing the latter from the former is the sites docroot |+ then you are away). | | Anyway, the patch: code shamelessly copied from the "." segment :) | | *** main/fopen-wrappers.c.orig Fri Apr 13 17:50:02 2001 | --- main/fopen-wrappers.c Sat Apr 14 01:46:28 2001 | *************** | *** 141,151 **** | char resolved_name[MAXPATHLEN]; | char resolved_basedir[MAXPATHLEN]; | char local_open_basedir[MAXPATHLEN]; | int local_open_basedir_pos; | SLS_FETCH(); | | /* Special case basedir==".": Use script-directory */ | ! if ((strcmp(PG(open_basedir), ".") == 0) && | SG(request_info).path_translated && | *SG(request_info).path_translated | ) { | --- 141,167 ---- | char resolved_name[MAXPATHLEN]; | char resolved_basedir[MAXPATHLEN]; | char local_open_basedir[MAXPATHLEN]; | + char *local_open_request_uri; | int local_open_basedir_pos; | SLS_FETCH(); | | + /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the | + * virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI | + * [EMAIL PROTECTED] | + */ | + if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) && | + SG(request_info).path_translated && | + *SG(request_info).path_translated ) { | + /* Copy path_translated to local_open_basedir, the look in | + this string for where request_uri starts and zero that byt |+e | + thus leaving local_open_basedir set to the virtualhost's | + DOCUMENT_ROOT */ | + strlcpy(local_open_basedir, SG(request_info).path_translated, |+ si | zeof(local_open_basedir)); | + local_open_request_uri=strstr(local_open_basedir,SG(request_i |+nfo | ).request_uri); | + if (local_open_request_uri) *local_open_request_uri = ' | | -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
