ID: 26653 Updated by: [EMAIL PROTECTED] Reported By: eddyleo777 at hotmail dot com -Status: Verified +Status: Closed Bug Type: *Directory/Filesystem functions Operating System: Win32 PHP Version: 4CVS, 5CVS New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2004-02-09 17:58:40] scottmacvicar at ntlworld dot com When the value in php.ini has no trailing slash or a slash which differs from the value of PHP_DIR_SEPARATOR the condition on line 135 against the path fails, causing the function not to add the trailing slash to the resolved_basedir value. I also noticed that if the condition was to work it would only append / to the resolved_basedir / resolved_name when it should in fact append PHP_DIR_SEPARATOR. Patch --- diff -u fopen_wrappers.c fopen_wrappers.c.patched --- fopen_wrappers.c 2004-02-09 22:47:35.000000000 +0000 +++ fopen_wrappers.c.patched 2004-02-09 22:49:14.000000000 +0000 @@ -132,15 +132,15 @@ if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) && (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) { /* Handler for basedirs that end with a / */ resolved_basedir_len = strlen(resolved_basedir); - if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR && resolved_basedir[resolved_basedir_len -1] != PHP_DIR_SEPARATOR) { - resolved_basedir[resolved_basedir_len] = '/'; + if (resolved_basedir[resolved_basedir_len -1] != PHP_DIR_SEPARATOR) { + resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; resolved_basedir[++resolved_basedir_len] = '\0'; } if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) { resolved_name_len = strlen(resolved_name); if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) { - resolved_name[resolved_name_len] = '/'; + resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR; resolved_name[++resolved_name_len] = '\0'; } } ------------------------------------------------------------------------ [2003-12-17 12:12:44] eddyleo777 at hotmail dot com Description: ------------ test.php <?php fopen("c:/apache/user_security/passwd", "r"); ?> php.ini open_basedir = "c:\apache\user\" ;work open_basedir = "c:/apache/user" ;it does not work open_basedir = "c:/apache/user/" ;it does not work Reproduce code: --------------- php4-200312171430/main/fopen_wrappers.c on line 133 /* Handler for basedirs that end with a / */ if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR) { resolved_basedir_len = strlen(resolved_basedir); resolved_basedir[resolved_basedir_len] = '/'; resolved_basedir[++resolved_basedir_len] = '\0'; } else { resolved_basedir_len = strlen(resolved_basedir); } if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) { resolved_name_len = strlen(resolved_name); resolved_name[resolved_name_len] = '/'; resolved_name[++resolved_name_len] = '\0'; } Expected result: ---------------- the introduced solution not work. interpret this possible solution please. php4-200312171430/main/fopen_wrappers.c on line 133 /* Handler for basedirs that end with a / */ if (???is_dir???(resolved_basedir)) { resolved_basedir_len = strlen(resolved_basedir); resolved_basedir[resolved_basedir_len] =PHP_DIR_SEPARATOR; resolved_basedir[++resolved_basedir_len] = '\0'; } else { resolved_basedir_len = strlen(resolved_basedir); } if (???is_dir???(resolved_name)) { resolved_name_len = strlen(resolved_name); resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR; resolved_name[++resolved_name_len] = '\0'; } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26653&edit=1
