Hi !!
Correction to last submited patch !!
Including or openeing a file fails when all paths defined in
include_path are not also defined in open_basedir, regardless
if the file to open/include is in both definitions.
Imagine include_path = .:/usr/local/lib/php:/usr/local/http-docs
open_basedir = .:/usr/local/http-docs
trying to include a file on /usr/local/http-docs will fail when
_php_stream_fopen_with_path will try to locate the file at
usr/local/lib/php . This could be undestand as a configuration
error, but in a virtual server farm enviroment it's easy to have
include_path defined globaly in php.ini and open_basedir defined
for each virtual server. BTW, it's not too good to fail in this
situation as the requested file meets all requirements. Also the
given error will report 'unable to open /usr/local/lib/php/filename'
due to open_basedir restrictions, where the real requested file
is /usr/local/http-docs/filename
--
Best regards ...
I was arrested for selling illegal sized paper.
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail [EMAIL PROTECTED]
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------*** streams.c Sun Feb 23 21:32:40 2003
--- streams.c Sun Feb 23 21:34:40 2003
***************
*** 1741,1746 ****
--- 1741,1752 ----
end++;
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
+
+ /* If file does not exist continue */
+ if (VCWD_STAT(trypath, &sb) != 0) {
+ ptr = end;
+ continue;
+ }
if (php_check_open_basedir(trypath TSRMLS_CC)) {
stream = NULL;
***************
*** 1748,1764 ****
}
if (PG(safe_mode)) {
! if (VCWD_STAT(trypath, &sb) == 0) {
! /* file exists ... check permission */
! if ((php_check_safe_mode_include_dir(trypath
TSRMLS_CC) == 0) ||
! php_checkuid(trypath, mode,
CHECKUID_CHECK_MODE_PARAM)) {
! /* UID ok, or trypath is in
safe_mode_include_dir */
! stream = php_stream_fopen_rel(trypath, mode,
opened_path, options);
! } else {
! stream = NULL;
! }
! goto stream_done;
}
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {
--- 1754,1768 ----
}
if (PG(safe_mode)) {
! /* file exists ... check permission */
! if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0)
||
! php_checkuid(trypath, mode,
CHECKUID_CHECK_MODE_PARAM)) {
! /* UID ok, or trypath is in safe_mode_include_dir */
! stream = php_stream_fopen_rel(trypath, mode,
opened_path, options);
! } else {
! stream = NULL;
}
+ goto stream_done;
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
