ID:               46934
 Updated by:       bj...@php.net
 Reported By:      kristof dot coomans at telenet dot be
 Status:           Open
 Bug Type:         Safe Mode/open_basedir
 Operating System: Windows XP
 PHP Version:      5.3CVS-2008-12-23 (snap)
 New Comment:

I don't think the plan was to allow un-tightening it again..


Previous Comments:
------------------------------------------------------------------------

[2008-12-23 08:55:33] kristof dot coomans at telenet dot be

Description:
------------
I'm testing the new feature introduced lately, namely "tightening" the
open_basedir setting. This might be a very good security measure, to
prevent relative directory traversal exploits.

However, sometimes it is useful to tighten the path only for certain
code, and untighten it again afterward to its original value. This
doesn't seem to work currently.

Reproduce code:
---------------
<?php

// original open_basedir value
echo ini_get( 'open_basedir' ) . PHP_EOL;

$newBaseDir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'var' .
DIRECTORY_SEPARATOR;

ini_set( 'open_basedir', $newBaseDir );

// new tightened open_basedir value
echo ini_get( 'open_basedir' ) . PHP_EOL;

// this will fail, as intended, because of the open_basedir restriction
file_put_contents( dirname( __FILE__ ) . DIRECTORY_SEPARATOR .
'test.txt', 'test 123 456' );

ini_restore( 'open_basedir' );

// original open_basedir value again
echo ini_get( 'open_basedir' ) . PHP_EOL;

// this will still fail, not intended
file_put_contents( dirname( __FILE__ ) . DIRECTORY_SEPARATOR .
'test.txt', 'test 123 456' );

?>

Expected result:
----------------
The last call should be allowed, and a file test.txt should have been
created in the same directory as the script.

Actual result:
--------------
Warning: file_put_contents(): open_basedir restriction in effect.
File(C:\sites\trunk\test.txt) is not within the allowed path(s):
(&#9617;&#948;รง&#9786;&#9792;) in ...

Warning: file_put_contents(C:\sites\trunk\test.txt): failed to open
stream: Operation not permitted in ...


------------------------------------------------------------------------

