ID: 48260 Comment by: p dot tipper at lancaster dot ac dot uk Reported By: p dot tipper at lancaster dot ac dot uk Status: Open Bug Type: Apache2 related Operating System: Debian GNU/Linux 5.0.1 PHP Version: 5.3CVS-2009-05-13 (snap) New Comment:
Warning, URLs have gotten wrapped in bug report: Working: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200 Buggy: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350 etc. Previous Comments: ------------------------------------------------------------------------ [2009-05-13 11:41:57] p dot tipper at lancaster dot ac dot uk Description: ------------ When doing an #include virtual of a php file this seems to change to an include() call (and thus hit basedir restrictions) when the base PHP file reaches a certain size. Also connected with this behaviour is sub-virtual requests also stop working. This seems baffling as this behaviour should occur purely in Apache. Use of virtual() seems to also trigger this bug. Reproduce code: --------------- This URL works normally: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200 This URL demonstrates the bug: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350 To see how this is affected by setting open_basedir="/usr/local/lib/php:/tmp:." then check these URLs: Working: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=200&basedir=1 Broken: http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1 The "?amount=N" adds more output lines to the main PHP file thus changing its size in an easy manner. All code available from http://red-velvet.lancs.ac.uk:8080/~tipper/include/include-test.tar.gz Expected result: ---------------- The #include virtual (or virtual()) data should continue to behave as normal, and shouldn't fall foul of basedir restrictions. The following block should always appear at the top of the output: This is an included file /~tipper/include/subdir/test.php Request was /~tipper/include/base/index.php?amount=200 This is an included file /~tipper/include/subdir/test2.php Request was /~tipper/include/base/index.php?amount=200 End of included file /~tipper/include/subdir/test2.php End of included file /~tipper/include/subdir/test.php (Where 200 will be whatever number you set for amount= ) Actual result: -------------- Once the amount goes above about 340 lines this seems to be the output (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350 ) This is an included file /~tipper/include/base/index.php Request was /~tipper/include/base/index.php?amount=350 End of included file /~tipper/include/base/index.php If you try this with open_basedir set to "/usr/local/lib/php:/tmp:." you get the following error (from http://red-velvet.lancs.ac.uk:8080/~tipper/include/base/index.php?amount=350&basedir=1 ) Warning: main() [function.main]: open_basedir restriction in effect. File(/home/tipper/public_html/include/subdir/test.php) is not within the allowed path(s): (/usr/local/lib/php:/tmp:.) in /home/tipper/public_html/include/base/index.php on line 30 Warning: main(/home/tipper/public_html/include/subdir/test.php) [function.main]: failed to open stream: Operation not permitted in /home/tipper/public_html/include/base/index.php on line 30 Warning: main() [function.include]: Failed opening '/home/tipper/public_html/include/subdir/test.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/tipper/public_html/include/base/index.php on line 30 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48260&edit=1
