From: php at ralph-schuster dot eu
Operating system: Linux 2.6.13/SuSE
PHP version: 5.2.6
PHP Bug Type: Safe Mode/open_basedir
Bug description: file_exists throws warnings in basedir_restriction mode
Description:
------------
function file_exists() throws warning message again when in safe mode.
There was a bug #21531 that addressed similar problem with 4.x version.
Configuration used:
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors Off Off
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log /var/log/php.log /var/log/php.log
error_prepend_string no value no value
error_reporting 6135 6135
expose_php On On
extension_dir /usr/local/php/CURRENT/extensions
/usr/local/php/CURRENT/extensions
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/local/php/CURRENT/lib/php
.:/usr/local/php/CURRENT/lib/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 60 30
max_input_nesting_level 64 64
max_input_time 60 60
memory_limit 32M 128M
open_basedir
/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs:/tmp no
value
output_buffering no value no value
output_handler no value no value
post_max_size 8M 8M
precision 12 12
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir /srv/www/vhosts/safebin/ /srv/www/vhosts/safebin/
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 16M 2M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off
Reproduce code:
---------------
if (!file_exists($path)) {
...
}
// $path seems to combine URLs and local paths illegally
// but its third party code
Expected result:
----------------
no PHP warning message
Actual result:
--------------
[11-Jun-2008 10:45:44] PHP Warning: file_exists() [<a
href='function.file-exists'>function.file-exists</a>]: open_basedir
restriction in effect.
File(/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocshttp://office.euroversichert.de/phpgwapi/templates/idots/css/idots.css?1180943265)
is not within the allowed path(s):
(/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs:/tmp) in
/srv/www/vhosts/euroversichert.de/subdomains/office/httpdocs/phpgwapi/inc/class.egw_framework.inc.php
on line 563
--
Edit bug report at http://bugs.php.net/?id=45262&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=45262&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=45262&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=45262&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=45262&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=45262&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=45262&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=45262&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=45262&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=45262&r=support
Expected behavior: http://bugs.php.net/fix.php?id=45262&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=45262&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=45262&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=45262&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45262&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=45262&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=45262&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=45262&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=45262&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=45262&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=45262&r=mysqlcfg
