ID: 15801
Comment by: rl at brabbel dot net
Reported By: vedad at kajtaz dot net
Status: No Feedback
Bug Type: Safe Mode/open_basedir
Operating System: linux rh
PHP Version: 4.1.2
New Comment:
I've experienced the same problem, when trying to install gallery2 with
open_basedir in effect.
mkdir and tempnam do not work as they should.
I'm really wondering that this bug still exists, as it is easily
reproduceable.
Warning: mkdir(): open_basedir restriction in effect.
File(/var/vhosts/mydomain/gallery-data/cache/entity/0/5) is not within
the allowed path(s): (/var/vhosts/mydomain/:/usr/share/gallery2/) in
/usr/share/gallery2/modules/core/classes/GalleryPlatform.class on line
624
The path /var/vhosts/mydomain is not a symlink, nor any of the subdirs
below it, so all operations are happening on real dirs/files.
It would be a big win for php to get that stuff sorted out.
Previous Comments:
------------------------------------------------------------------------
[2005-04-24 22:17:41] php at kobaz dot net
PHP version 4.3.10
Using various file operations on a file that does not exist will
produce an open_basedir restriction violation.
Example 1:
set open_basedir to "/home/ryan/public_html"
script 1:
stat('/home/ryan/public_html/a'); // a is a non-existant file
output:
Warning: stat(): open_basedir restriction in effect.
File(/home/ryan/public_html/a) is not within the allowed path(s):
(/home/ryan/public_html) in /home/ryan/public_html/a.php on line 3
Example 2:
set open_basedir to "/home/ryan/public_html:/tmp"
script 2:
echo stat('/home/ryan/public_html/images/articles/'); // this is
successful
copy('/tmp/phpTqhjMx','/home/ryan/public_html/images/articles/new.jpg');
// /tmp/phpTqhjMx exists, new.jpg does not
output:
Array
Warning: copy(): open_basedir restriction in effect.
File(/home/ryan/public_html/images/articles/new.jpg) is not within the
allowed path(s): (/home/ryan/public_html:/tmp) in
/home/ryan/public_html/test.php on line 4
------------------------------------------------------------------------
[2002-12-06 19:12:27] [EMAIL PROTECTED]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
------------------------------------------------------------------------
[2002-11-25 08:37:01] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-latest.zip
I am unable to replicate the problem using the latest CVS.
------------------------------------------------------------------------
[2002-03-01 02:34:26] [EMAIL PROTECTED]
The reason for the difference comes down to a difference in what
happens when a resource that exists is checked via realpath() vs. a
resource that does not exist. Often on a copy() operation the source
path exists, but the target doesn't. That's obviously not always the
case. The open_basedir check needs to be made more advanced and should
detect if the resource it is checking does not exist in which case it
should step back one level and check that path.
If I fell inspired I'll fix it, but if someone else wants to, by all
means...
------------------------------------------------------------------------
[2002-02-28 22:14:46] vedad at kajtaz dot net
okay, i get the point...
but what about include() and upload_tmp_dir ?
if there were using the same mechanism as copy() (sorry i never had
much to look inside php source and verify by myself), they'd raise an
error too, right?
(they still point to symlinked path, and they still work, unlike copy()
)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/15801
--
Edit this bug report at http://bugs.php.net/?id=15801&edit=1
