ID: 15547
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Feedback
Bug Type: Filesystem function related
Operating System: Linux(RedHat 7.1)
PHP Version: 4.0.6
New Comment:
> Are you sure safe-mode is enabled?
No it is not. open_basedir seems to be independent directive
without connection to the safe-mode (Atleast, the directory
restrictions work on other file-operations but not tempnam)
The following is example what triggered this in my code.
php.ini has open_basedir=/www/htdocs and safe_mode= off
The working code...
$tfile=tempnam("/www/htdocs/tmp","foobar");
// success if /www/htdocs/tmp/ exists and is writable
// directory
$fp=fopen($tfile,"w");
// opens the file.
The initial version, which does not care about the
open_basedir...
$tfile=tempnam("/tmp","foobar");
// creates the temp-file.
$fp=fopen($tfile,"w");
// tries to open the file but does not succeed because of
// the open_basedir setting!
//
// Because (any other) file operations cannot be used on /tmp
// this code clutters the /tmp directory with zerobyte
// temp-files.
Previous Comments:
------------------------------------------------------------------------
[2002-02-15 13:08:10] [EMAIL PROTECTED]
Are you sure safe-mode is enabled?
------------------------------------------------------------------------
[2002-02-14 02:18:04] [EMAIL PROTECTED]
tempnam() function bypasses open_basedir directive
set by php.ini
This can be seen f.e. by following code:
$tfile=tempnam("/tmp","foobar");
// this is a success regardless of a open_basedir setting
$fp=fopen($tfile,"w")
// file is already created but fopen() fails if
// open_basedir is set, but not to include /tmp
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15547&edit=1
