[PHP-DEV] Bug #9526 Updated: Copy function is not affected by the security settings
ID: 9526 Updated by: rasmus Reported By: [EMAIL PROTECTED] Old-Status: Critical Status: Closed Bug Type: Unknown/Other Function Operating system: PHP Version: 4.0.4pl1 Assigned To: Comments: Fixed in CVS Previous Comments: --- [2001-05-07 12:57:15] [EMAIL PROTECTED] Marking as fix before 4.0.6 --- [2001-03-02 09:45:59] [EMAIL PROTECTED] It appears that the copy function is not affected by the security restrictions set on the php.ini file PHP.ini: Safe_mode=On Open_basedir=d:wwwhtdocs With a script like: print('font color=#007700Try to copy() c:winntwin.ini to d:wwwhtdocsphptest/tr/fontbr'); if (!copy('c:winntwin.ini', 'd:wwwhtdocsphptestwin.ini')) { print('font color=#007700bOK/b: Copy() Failed/font'); } else { print('font color=#DDbWarning/b: Copy() Succeeded!!!/font'); } print('br=br'); print('font color=#007700Try to fopen() file d:wwwhtdocsphptestwin.ini/fontbr'); if (!fopen( 'd:wwwhtdocsphptestwin.ini', 'r' )) { print('font color=#007700bOK/b: Fopen() Failed/font'); } else { print('font color=#DDbWarning/b: Fopen() Succeeded!!!/font'); } I can copy a file from a forbiden directory to an allowed one and the read it. Other functions that I have tested don't have this bug. I tested with Apache for Windows 1.3.14 and the PHP4 module Best regards, Victor Fernandes --- ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=9526edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #9526 Updated: Copy function is not affected by the security settings
ID: 9526 Updated by: derick Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Critical Bug Type: Unknown/Other Function Operating system: PHP Version: 4.0.4pl1 Assigned To: Comments: Marking as fix before 4.0.6 Previous Comments: --- [2001-03-02 09:45:59] [EMAIL PROTECTED] It appears that the copy function is not affected by the security restrictions set on the php.ini file PHP.ini: Safe_mode=On Open_basedir=d:wwwhtdocs With a script like: print('font color=#007700Try to copy() c:winntwin.ini to d:wwwhtdocsphptest/tr/fontbr'); if (!copy('c:winntwin.ini', 'd:wwwhtdocsphptestwin.ini')) { print('font color=#007700bOK/b: Copy() Failed/font'); } else { print('font color=#DDbWarning/b: Copy() Succeeded!!!/font'); } print('br=br'); print('font color=#007700Try to fopen() file d:wwwhtdocsphptestwin.ini/fontbr'); if (!fopen( 'd:wwwhtdocsphptestwin.ini', 'r' )) { print('font color=#007700bOK/b: Fopen() Failed/font'); } else { print('font color=#DDbWarning/b: Fopen() Succeeded!!!/font'); } I can copy a file from a forbiden directory to an allowed one and the read it. Other functions that I have tested don't have this bug. I tested with Apache for Windows 1.3.14 and the PHP4 module Best regards, Victor Fernandes --- ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=9526edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]