Re: [PHP-DEV] open_basedir bypass -> errata tempnam()

2011-09-27 Thread Antony Dovgal
On 09/28/2011 02:39 AM, Reindl Harald wrote: PLEASE REPLY ONLY TO THE LIST Please provide a short (10 lines max) but complete reproduce script. At the moment your explanations do not make any sense. -- Wbr, Antony Dovgal --- http://pinba.org - realtime profiling for PHP -- PHP Internals - PHP

Re: [PHP-DEV] open_basedir bypass -> errata tempnam()

2011-09-27 Thread Reindl Harald
Am 28.09.2011 00:34, schrieb Ángel González: > Reindl Harald schrieb: >> [root@arrakis:~]$ stat /tmp/rhcsvz8QeBL >> File: „/tmp/rhcsvz8QeBL“ >>> Are you sure it is the fopen() what is making it? >>> I think that some other function/extension may be creating the temporary >>> file >>> /tmp/rh

Re: [PHP-DEV] open_basedir bypass -> errata tempnam()

2011-09-27 Thread Ángel González
Reindl Harald schrieb: [root@arrakis:~]$ stat /tmp/rhcsvz8QeBL File: „/tmp/rhcsvz8QeBL“ Are you sure it is the fopen() what is making it? I think that some other function/extension may be creating the temporary file /tmp/rhcsvz8QeBL for you to open, which then fails due to the open_basedir.

Re: [PHP-DEV] open_basedir bypass -> errata tempnam()

2011-09-27 Thread Reindl Harald
Am 28.09.2011 00:16, schrieb Ángel González: > Reindl Harald wrote: >> below a correct open_basedir restriction >> >> but why can fopen() create this file outside the >> basedir and after that the restriction is active? >> >> this means in other words: fopen() can empty files outside the basedir

Re: [PHP-DEV] open_basedir bypass

2011-09-27 Thread Ángel González
Reindl Harald wrote: below a correct open_basedir restriction but why can fopen() create this file outside the basedir and after that the restriction is active? this means in other words: fopen() can empty files outside the basedir if their permissions are open enough Sep 27 10:53:26 open_base

[PHP-DEV] open_basedir bypass

2011-09-27 Thread Reindl Harald
below a correct open_basedir restriction but why can fopen() create this file outside the basedir and after that the restriction is active? this means in other words: fopen() can empty files outside the basedir if their permissions are open enough Sep 27 10:53:26 open_basedir restriction in effe

Re: [PHP-DEV] Question about ABI compatibility for an ext/xsl patch and an API question for the implementation

2011-09-27 Thread Rasmus Lerdorf
This sounds like the best approach actually. On Sep 27, 2011, at 7:03 AM, Christian Stocker wrote: > Hi again > > I just had the idea for a 4th option. Won't be less controversy, but > it's backwards and forwards compatible. > > 4) use a php ini setting in PHP 5.3 > > I know, we try to avoid