From: david at darville dot name
Operating system: RedHat Linux
PHP version: 4.3.2
PHP Bug Type: Filesystem function related
Bug description: stat() and file_exists() is neither affected by safe_mode nor
open_basedir
Description:
------------
Even when safe mode is enabled, and open_basedir restrictions is in place,
it is possible to use file_exists(), stat() (and fileperms()) on any file
on the system.
Reproduce code:
---------------
$filename = "/etc/shadow";
if (file_exists($filename))
{
echo "$filename exists\n";
}
else
{
echo "$filename does not exist\n";
}
$stat = stat($filename);
--
Edit bug report at http://bugs.php.net/?id=24333&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=24333&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=24333&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=24333&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24333&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=24333&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=24333&r=support
Expected behavior: http://bugs.php.net/fix.php?id=24333&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=24333&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=24333&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=24333&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24333&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=24333&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=24333&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=24333&r=gnused
