[PHP-DEV] Bug #9526 Updated: Copy function is not affected by the security settings
ID: 9526
Updated by: rasmus
Reported By: [EMAIL PROTECTED]
Old-Status: Critical
Status: Closed
Bug Type: Unknown/Other Function
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
Fixed in CVS
Previous Comments:
---
[2001-05-07 12:57:15] [EMAIL PROTECTED]
Marking as fix before 4.0.6
---
[2001-03-02 09:45:59] [EMAIL PROTECTED]
It appears that the copy function is not affected by the security restrictions set on
the php.ini file
PHP.ini:
Safe_mode=On
Open_basedir=d:wwwhtdocs
With a script like:
print('font color=#007700Try to copy() c:winntwin.ini to
d:wwwhtdocsphptest/tr/fontbr');
if (!copy('c:winntwin.ini', 'd:wwwhtdocsphptestwin.ini')) {
print('font color=#007700bOK/b: Copy() Failed/font');
}
else
{
print('font color=#DDbWarning/b: Copy() Succeeded!!!/font');
}
print('br=br');
print('font color=#007700Try to fopen() file d:wwwhtdocsphptestwin.ini/fontbr');
if (!fopen( 'd:wwwhtdocsphptestwin.ini', 'r' )) {
print('font color=#007700bOK/b: Fopen() Failed/font');
}
else
{
print('font color=#DDbWarning/b: Fopen() Succeeded!!!/font');
}
I can copy a file from a forbiden directory to an allowed one and the read it.
Other functions that I have tested don't have this bug.
I tested with Apache for Windows 1.3.14 and the PHP4 module
Best regards,
Victor Fernandes
---
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9526edit=2
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #9526 Updated: Copy function is not affected by the security settings
ID: 9526
Updated by: derick
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Critical
Bug Type: Unknown/Other Function
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
Marking as fix before 4.0.6
Previous Comments:
---
[2001-03-02 09:45:59] [EMAIL PROTECTED]
It appears that the copy function is not affected by the security restrictions set on
the php.ini file
PHP.ini:
Safe_mode=On
Open_basedir=d:wwwhtdocs
With a script like:
print('font color=#007700Try to copy() c:winntwin.ini to
d:wwwhtdocsphptest/tr/fontbr');
if (!copy('c:winntwin.ini', 'd:wwwhtdocsphptestwin.ini')) {
print('font color=#007700bOK/b: Copy() Failed/font');
}
else
{
print('font color=#DDbWarning/b: Copy() Succeeded!!!/font');
}
print('br=br');
print('font color=#007700Try to fopen() file d:wwwhtdocsphptestwin.ini/fontbr');
if (!fopen( 'd:wwwhtdocsphptestwin.ini', 'r' )) {
print('font color=#007700bOK/b: Fopen() Failed/font');
}
else
{
print('font color=#DDbWarning/b: Fopen() Succeeded!!!/font');
}
I can copy a file from a forbiden directory to an allowed one and the read it.
Other functions that I have tested don't have this bug.
I tested with Apache for Windows 1.3.14 and the PHP4 module
Best regards,
Victor Fernandes
---
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9526edit=2
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
