Fail. open_basedir can as of 5.3.0 be set at run time to tighten the path. I.e. if open_basedir=/usr/local in php.ini you can ini_set("open_basedir", "/usr/local/bin") at runtime. Trying to remove stuff from open_basedir (i.e. ini_set("open_basedir", "/usr");) fails.
-Hannes On Tue, Dec 9, 2008 at 11:20, Hannes Magnusson <[EMAIL PROTECTED]> wrote: > bjori Tue Dec 9 10:20:11 2008 UTC > > Added files: (Branch: PHP_5_3) > /php-src/ext/standard/tests/directory open_basedir_001.phpt > > Modified files: > /php-src NEWS > /php-src/main fopen_wrappers.c fopen_wrappers.h > Log: > MFH: - Changed open_basedir to allow tightening in runtime contexts. (Sara) > - Add test > > > > http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.405&r2=1.2027.2.547.2.965.2.406&diff_format=u > Index: php-src/NEWS > diff -u php-src/NEWS:1.2027.2.547.2.965.2.405 > php-src/NEWS:1.2027.2.547.2.965.2.406 > --- php-src/NEWS:1.2027.2.547.2.965.2.405 Tue Dec 9 10:12:21 2008 > +++ php-src/NEWS Tue Dec 9 10:20:11 2008 > @@ -3,6 +3,7 @@ > ?? ??? 200?, PHP 5.3.0 Alpha 4 > - Changed opendir/dir/scandir to use default context > when no context argument is passed. (Sara) > +- Changed open_basedir to allow tightening in runtime contexts. (Sara) > > - Fixed bug #46811 ini_set() doesn't return false on failure. (Hannes) > > http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.175.2.3.2.13.2.13&r2=1.175.2.3.2.13.2.14&diff_format=u > Index: php-src/main/fopen_wrappers.c > diff -u php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.13 > php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.14 > --- php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.13 Mon Aug 11 15:33:02 > 2008 > +++ php-src/main/fopen_wrappers.c Tue Dec 9 10:20:11 2008 > @@ -17,7 +17,7 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.13 2008/08/11 15:33:02 lbarnaud > Exp $ */ > +/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.14 2008/12/09 10:20:11 bjori Exp > $ */ > > /* {{{ includes > */ 
> @@ -79,6 +79,62 @@ > #endif > /* }}} */ > > +/* {{{ OnUpdateBaseDir > +Allows any change to open_basedir setting in during Startup and Shutdown > events, > +or a tightening during activation/runtime/deactivation */ > +PHPAPI ZEND_INI_MH(OnUpdateBaseDir) > +{ > + char **p, *pathbuf, *ptr, *end; > +#ifndef ZTS > + char *base = (char *) mh_arg2; > +#else > + char *base = (char *) ts_resource(*((int *) mh_arg2)); > +#endif > + > + p = (char **) (base + (size_t) mh_arg1); > + > + if (stage == PHP_INI_STAGE_STARTUP || stage == > PHP_INI_STAGE_SHUTDOWN) { > + /* We're in a PHP_INI_SYSTEM context, no restrictions */ > + *p = new_value; > + return SUCCESS; > + } > + > + /* Otherwise we're in runtime */ > + if (!*p || !**p) { > + /* open_basedir not set yet, go ahead and give it a value */ > + *p = new_value; > + return SUCCESS; > + } > + > + /* Shortcut: When we have a open_basedir and someone tries to unset, > we know it'll fail */ > + if (!new_value || !*new_value) { > + return FAILURE; > + } > + > + /* Is the proposed open_basedir at least as restrictive as the > current setting? */ > + ptr = pathbuf = estrdup(new_value); > + while (ptr && *ptr) { > + end = strchr(ptr, DEFAULT_DIR_SEPARATOR); > + if (end != NULL) { > + *end = '\0'; > + end++; > + } > + if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) { > + /* At least one portion of this open_basedir is less > restrictive than the prior one, FAIL */ > + efree(pathbuf); > + return FAILURE; > + } > + ptr = end; > + } > + efree(pathbuf); > + > + /* Everything checks out, set it */ > + *p = new_value; > + > + return SUCCESS; > +} > +/* }}} */ > + > /* {{{ php_check_specific_open_basedir > When open_basedir is not NULL, check if the given filename is located > in > open_basedir. Returns -1 if error or not in the open_basedir, else 0. 
> http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.44.2.1.2.2.2.4&r2=1.44.2.1.2.2.2.5&diff_format=u > Index: php-src/main/fopen_wrappers.h > diff -u php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.4 > php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.5 > --- php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.4 Mon Aug 11 15:33:02 > 2008 > +++ php-src/main/fopen_wrappers.h Tue Dec 9 10:20:11 2008 > @@ -16,13 +16,14 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: fopen_wrappers.h,v 1.44.2.1.2.2.2.4 2008/08/11 15:33:02 lbarnaud Exp > $ */ > +/* $Id: fopen_wrappers.h,v 1.44.2.1.2.2.2.5 2008/12/09 10:20:11 bjori Exp $ > */ > > #ifndef FOPEN_WRAPPERS_H > #define FOPEN_WRAPPERS_H > > BEGIN_EXTERN_C() > #include "php_globals.h" > +#include "php_ini.h" > > PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC); > PHPAPI char *expand_filepath(const char *filepath, char *real_path > TSRMLS_DC); > @@ -39,6 +40,8 @@ > PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, > const char *path, char **opened_path TSRMLS_DC); > > PHPAPI char *php_strip_url_passwd(char *path); > + > +PHPAPI ZEND_INI_MH(OnUpdateBaseDir); > END_EXTERN_C() > > #endif > > http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/directory/open_basedir_001.phpt?view=markup&rev=1.1 > Index: php-src/ext/standard/tests/directory/open_basedir_001.phpt > +++ php-src/ext/standard/tests/directory/open_basedir_001.phpt > > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
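
Review bot: In the OnUpdateBaseDir hunk of fopen_wrappers.c, the splitting loop handles empty path components inconsistently. With a leading or doubled DEFAULT_DIR_SEPARATOR, strchr() matches at ptr itself, so php_check_open_basedir_ex() is called with an empty string. A trailing separator instead leaves ptr on the terminating NUL and ends the `while (ptr && *ptr)` loop without any check. The result for an empty component then depends on how php_check_open_basedir_ex() resolves "", which this hunk does not show. Suggest deciding this explicitly in the loop, either by skipping a component whose first byte is NUL or by returning FAILURE for it, and saying so in a comment. Minor: the function comment reads "setting in during Startup and Shutdown events"; drop the "in".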
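
Review bot: Nothing visible in this commit attaches OnUpdateBaseDir to the open_basedir ini entry. The fopen_wrappers.h hunks add only the php_ini.h include and the `PHPAPI ZEND_INI_MH(OnUpdateBaseDir);` prototype, and the Modified files list names only NEWS, fopen_wrappers.c and fopen_wrappers.h. Please confirm that the entry's registration on PHP_5_3 already names this handler and permits runtime changes. If it does not, the merge is incomplete and the tightening check is never reached from ini_set(). A one-line comment above the prototype stating that the handler rejects any runtime value less restrictive than the current one would also help extension authors who reuse it.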
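
Review bot: The open_basedir_001.phpt entry at the end of the patch shows only its Index and +++ lines with no body, so the test cannot be reviewed from this mail. It should exercise each runtime branch of OnUpdateBaseDir: a narrower path is accepted, an empty value is rejected once open_basedir is set, and a multi-component value is rejected when any one component falls outside the current setting. Each rejection should assert that ini_set() returns false, which ties in with the bug #46811 fix listed in the same NEWS block.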