ID: 19292 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: Apache related Operating System: linux PHP Version: 4.3.0-dev,4.2.3 New Comment:
Heh, now happens the opposite: [24-Oct-2002 11:55:45] PHP Warning: open_basedir: File should be in /www/doc/www.customer.ch-80, but is in /www/doc/www.customer.org-80/photos/index.php file (/www/doc/www.aaa.ch-80/formmail.php) in Unknown on line 0 I added now both cases. Works so far :P but doesn't solve the real problem. http://people.freebsd.org/~mbr/patches/fopen_wrappers.c.diff Previous Comments: ------------------------------------------------------------------------ [2002-10-24 04:26:38] [EMAIL PROTECTED] I'm using this workaround for now. It solves the problem: --- main/fopen_wrappers.c.orig Wed Oct 23 11:49:40 2002 +++ main/fopen_wrappers.c Thu Oct 24 11:22:18 2002 @@ -189,10 +189,12 @@ /* Only check when open_basedir is available */ if (PG(open_basedir) && *PG(open_basedir)) { char *pathbuf; + char *newpath; char *ptr; char *end; pathbuf = estrdup(PG(open_basedir)); + newpath = estrdup(zend_get_executed_filename(TSRMLS_C)); ptr = pathbuf; @@ -203,15 +205,18 @@ end++; } - if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) { + if (php_check_specific_open_basedir(ptr, newpath TSRMLS_CC) == 0) { efree(pathbuf); + efree(newpath); return 0; } ptr = end; } - php_error(E_WARNING, "open_basedir restriction in effect. File is in wrong directory"); + php_error(E_WARNING, "open_basedir: File should be in %s, but is in %s file (%s)", + pathbuf, path, newpath); efree(pathbuf); + efree(newpath); errno = EPERM; /* we deny permission to open it */ return -1; } @@ -226,8 +231,8 @@ PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) { /* Only check when safe_mode on and safe_mode_include_dir is available */ - if (PG(safe_mode) && PG(safe_mode_include_dir) && - *PG(safe_mode_include_dir)) + if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) + && PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) { char *pathbuf; char *ptr; @@ -268,7 +273,7 @@ } /* Nothing to check... */ - return -1; + return 0; } /* }}} */ ------------------------------------------------------------------------ [2002-10-24 04:04:05] [EMAIL PROTECTED] I changed the random message: PHP Warning: open_basedir restriction in effect. File is in wrong directory in ${some dir} to include the paths ... Here you see what is going wrong ... Completly bogus the message: [24-Oct-2002 10:49:19] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2 [24-Oct-2002 10:49:19] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6 [24-Oct-2002 10:49:19] PHP Warning: Cannot add header information - headers already sent by (output started at /w ww/doc/www.aaa.ch-80/index.php:2) in /www/doc/www.aaa.ch-80/wrapper.php on line 4 [24-Oct-2002 10:53:45] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2 [24-Oct-2002 10:53:45] PHP Warning: open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/ www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6 [24-Oct-2002 10:53:45] PHP Warning: Cannot add header information - headers already sent by (output started at /w ww/doc/www.aaa.ch-80/index.php:2) in /www/doc/www.aaa.ch-80/wrapper.php on line 4 There is something seriously broken ! Martin ------------------------------------------------------------------------ [2002-10-24 03:09:09] [EMAIL PROTECTED] I also had trouble with php 4.2.3 running as mod with apache 1.3.27 on FreeBSD 4.7. Sometimes got error: Warning: Failed opening '/home/user/public_html/index.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0 my virtual host configuration was: ... DocumentRoot /home/user/public_html php_admin_value doc_root /home/user/public_html php_admin_value open_basedir "/home/user/public_html/:/usr/local/lib/php/" ... but here directory /home was a symlink to /usr/home after making chahges in httpd.conf to the following: DocumentRoot /usr/home/user/public_html php_admin_value doc_root /usr/home/user/public_html php_admin_value open_basedir "/usr/home/user/public_html/:/usr/local/lib/php/" everything works fine. Is it error with symlink in php? ------------------------------------------------------------------------ [2002-10-23 06:25:32] [EMAIL PROTECTED] I just added the patch for this problem. I can confirm that it does _NOT_ fix the problem. We have several virtual servers running on this host. Most of them use PHP. It looks to me that the bug only happens if previously the apache child has done some specific request for another php customer without openbasedir. Could this be possible ? ------------------------------------------------------------------------ [2002-10-20 11:25:53] [EMAIL PROTECTED] Testing the latest php4-200210200600 shows the same behaviour. I have using it by renaming a index.html to index.php file. So no special php funktion is using and i'm sure that there is no auto_prepend_file or something else. Here are the php configuration for that vhost. <IfModule mod_php4.c> php_admin_flag engine on php_admin_flag safe_mode on php_admin_value session.save_path /daten/http/takenet/www.ad4screen.de/tmp php_admin_value open_basedir "/daten/http/takenet/www.ad4screen.de:/usr/lib/php/" php_admin_value doc_root /daten/http/takenet/www.ad4screen.de php_admin_value upload_tmp_dir /daten/http/takenet/www.ad4screen.de/tmp php_admin_value error_log /daten/http/takenet/www.ad4screen.de/logs/php_error.log php_admin_value upload_max_filesize 10M php_admin_value post_max_size 10M </IfModule> ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/19292 -- Edit this bug report at http://bugs.php.net/?id=19292&edit=1
