ID: 9526
Updated by: derick
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Critical
Bug Type: Unknown/Other Function
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
Marking as fix before 4.0.6
Previous Comments:
---------------------------------------------------------------------------
[2001-03-02 09:45:59] [EMAIL PROTECTED]
It appears that the copy function is not affected by the security restrictions set on
the php.ini file
PHP.ini:
Safe_mode=On
Open_basedir=d:wwwhtdocs
With a script like:
print('<font color=#007700>Try to copy() c:winntwin.ini to
d:wwwhtdocsphptest</tr></font><br>');
if (!copy('c:winntwin.ini', 'd:wwwhtdocsphptestwin.ini')) {
print('<font color=#007700><b>OK</b>: Copy() Failed</font>');
}
else
{
print('<font color=#DD0000><b>Warning</b>: Copy() Succeeded!!!</font>');
}
print('<br>=====================================================<br>');
print('<font color=#007700>Try to fopen() file d:wwwhtdocsphptestwin.ini</font><br>');
if (!fopen( 'd:wwwhtdocsphptestwin.ini', 'r' )) {
print('<font color=#007700><b>OK</b>: Fopen() Failed</font>');
}
else
{
print('<font color=#DD0000><b>Warning</b>: Fopen() Succeeded!!!</font>');
}
I can copy a file from a forbiden directory to an allowed one and the read it.
Other functions that I have tested don't have this "bug".
I tested with Apache for Windows 1.3.14 and the PHP4 module
Best regards,
Victor Fernandes
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9526&edit=2
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
