ID: 49670 Updated by: [email protected] Reported By: david at majorsecurity dot info -Status: Open +Status: Bogus Bug Type: Filesystem function related Operating System: Unix PHP Version: 5.3.0 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. You must be kidding? This is not a file_get_contents() issue at all, you just failed the 1st rule of coding: NEVER trust the input. Previous Comments: ------------------------------------------------------------------------ [2009-09-25 18:42:08] david at majorsecurity dot info Description: ------------ If you use a prefix (i.e myownprefix_ ) in your source code to make sure that only files containing this prefix can be opened, this can be bypassed within file_get_contents(). Let's say that you have placed 2 files in your htdocs folder: 1. /htdocs/david/myownprefix_home.php 2. /htdocs/david/home.php 3. /htdocs/bug.php Reproduce code: --------------- --- >From manual page: function.file-get-contents --- Example code (bug.php): <?php if(isset($_GET['seite'])) { $seite = $_GET['seite']; $datei = nl2br(file_get_contents("./david/myownprefix_$seite.php")); echo $datei; } ?> Proof of concept: http://localhost/bug.php?seite=/../home Expected result: ---------------- Now this would open the file /htdocs/home.php and our defined prefix will be bypassed. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49670&edit=1
