ID: 41655
Updated by: [EMAIL PROTECTED]
Reported By: dr at peytz dot dk
-Status: Open
+Status: Assigned
Bug Type: Safe Mode/open_basedir
Operating System: Linux
PHP Version: 5.2.3
Assigned To: iliaa
Previous Comments:
------------------------------------------------------------------------
[2007-09-18 20:36:58] [EMAIL PROTECTED]
Please, you can't break BC at this point. My example works before and
must work now.
/home/pierre/cvs/php52/ext/*/tests/../../../../../*
has nothing to do with my example except that you add relative paths
later. It is simply another case that should fail because of
open_basedir.
My example introduces a huge BC break in symfony, to list only one
widely used "app". Back to open, if you don't want to fix it yourself,
please let me know, I will have to do it myself.
------------------------------------------------------------------------
[2007-09-18 19:08:04] [EMAIL PROTECTED]
This is unavoidable since you don't want things like:
/home/pierre/cvs/php52/ext/*/tests/../../../../../*
to be let through.
------------------------------------------------------------------------
[2007-09-17 07:51:11] [EMAIL PROTECTED]
The fix for this bug introduced a regression.
Using:
$a =glob("/home/pierre/cvs/php52/ext/*/tests/*");'
Where:
open_basedir = /home/pierre/cvs/php52
glob fails to access this path:
Warning: glob(): Unable to access /home/pierre/cvs/php52/ext/*/tests in
Command line code on line 1
------------------------------------------------------------------------
[2007-06-12 12:57:50] [EMAIL PROTECTED]
This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
------------------------------------------------------------------------
[2007-06-11 17:14:02] dr at peytz dot dk
Description:
------------
file_exists() etc. does not allow checking the existence of files
outside the directories specified in open_basedir.
This can be circumvented using glob(). glob() does check open_basedir,
but its return type still reveals whether files exist outside
open_basedir. The existence of a file can be checked using
!is_array(glob($filename)).
Reproduce code:
---------------
var_dump(glob('/etc/hosts'));
var_dump(glob('/etc/does-not-exist'));
Expected result:
----------------
bool(false)
bool(false)
or
array(0) {
}
array(0) {
}
Actual result:
--------------
bool(false)
array(0) {
}
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=41655&edit=1
