ID: 24521 Updated by: [EMAIL PROTECTED] Reported By: jjarven at softers dot net -Status: Open +Status: Closed Bug Type: Documentation problem Operating System: Linux 2.4.18 PHP Version: 4.3.2 New Comment:
This bug has been fixed in the documentation's XML sources. Since the online and downloadable versions of the documentation need some time to get updated, we would like to ask you to be a bit patient. Thank you for the report, and for helping us make our documentation better. "The special value . indicates that the working directory of the script will be used as base-directory. This is however little dagerous as the working directory of the script can be easily changed by chdir()." Previous Comments: ------------------------------------------------------------------------ [2003-07-07 06:30:34] [EMAIL PROTECTED] Due to the nature of a 'system call' this is technically not possible for php (or any other application). You have to rely on system security here. ------------------------------------------------------------------------ [2003-07-07 06:26:04] jjarven at softers dot net Unless safe_mode is enabled, at least system-function is able to go where-ever wants to (well, within httpd's access rights). I think it would be nice also to restrict system (exec, etc)-functions, without using safe_mode. ------------------------------------------------------------------------ [2003-07-07 05:53:44] [EMAIL PROTECTED] It might be nice to mention this in the docs too. :) ------------------------------------------------------------------------ [2003-07-07 05:50:15] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php open_basedir restricts opening files. If that is working then there is no bug here at all. ------------------------------------------------------------------------ [2003-07-07 05:42:35] jjarven at softers dot net Description: ------------ Apache 1.3.27 httpd.conf: php_admin_value open_basedir /home/www/ - phpinfo() reports local value in effect to be /home/www/ Reproduce code: --------------- chdir('/etc'); echo getcwd(); Expected result: ---------------- "open_basedir restriction in effect" Actual result: -------------- Will output: /etc I tested opendir(), readdir() and readfile() and they behave correctly, thus are not able to read anything outside open_basedir. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24521&edit=1
