#26653 [NEW]: open_basedir bug

Wed, 17 Dec 2003 10:19:09 -0800 

From:             eddyleo777 at hotmail dot com
Operating system: Win32
PHP version:      Irrelevant
PHP Bug Type:     *Directory/Filesystem functions
Bug description:  open_basedir bug

Description:
------------
test.php
<?php
fopen("c:/apache/user_security/passwd", "r");
?>

php.ini
open_basedir = "c:\apache\user\" ;work
open_basedir = "c:/apache/user" ;it does not work
open_basedir = "c:/apache/user/" ;it does not work


Reproduce code:
---------------
php4-200312171430/main/fopen_wrappers.c on line 133

/* Handler for basedirs that end with a / */    
if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR) {
  resolved_basedir_len = strlen(resolved_basedir);
  resolved_basedir[resolved_basedir_len] = '/';
  resolved_basedir[++resolved_basedir_len] = '\0';
} else {
  resolved_basedir_len = strlen(resolved_basedir);      
}

if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) {
  resolved_name_len = strlen(resolved_name);
  resolved_name[resolved_name_len] = '/';
  resolved_name[++resolved_name_len] = '\0';
}


Expected result:
----------------
the introduced solution not work.
interpret this possible solution please.

php4-200312171430/main/fopen_wrappers.c on line 133

/* Handler for basedirs that end with a / */    
if (???is_dir???(resolved_basedir)) {
  resolved_basedir_len = strlen(resolved_basedir);
  resolved_basedir[resolved_basedir_len] =PHP_DIR_SEPARATOR;
  resolved_basedir[++resolved_basedir_len] = '\0';
} else {
  resolved_basedir_len = strlen(resolved_basedir);
}

if (???is_dir???(resolved_name)) {
  resolved_name_len = strlen(resolved_name);
  resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
  resolved_name[++resolved_name_len] = '\0';
}



-- 
Edit bug report at http://bugs.php.net/?id=26653&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=26653&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=26653&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=26653&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=26653&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=26653&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=26653&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=26653&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=26653&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=26653&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=26653&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=26653&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=26653&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26653&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=26653&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=26653&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=26653&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=26653&r=float

Reply via email to