From: kameshj at fastmail dot fm Operating system: Irrelevant PHP version: Irrelevant PHP Bug Type: Scripting Engine problem Bug description: . in open_basedir always translates SG(path_translated) rather than CWDG(cwd)
Description: ------------ Keep the following subapp/main.php, lib/reuse.php in a directory under DocumentRoot Access http://your_web_server/subapp/main.php Analysis --------------- In php-src/main/fopen_wrappers.c, php_check_specific_open_basedir function has a code like this at the top if ((strcmp(basedir, ".") == 0) && SG(request_info).path_translated && *SG(request_info).path_translated Which I feel to be if ((strcmp(basedir, ".") == 0) && SG(request_info).path_translated && *SG(request_info).path_translated This should have been just, if (strcmp(basedir, ".") == 0) local_open_basedir need to have been copied from CWDG(cwd) The patch is against php-5.1 head is available at http://puggy.symonds.net/~kameshj/fopen_wrappers.c.patch Reproduce code: --------------- subapp/main.php ------------------ <?php chdir(".."); echo __FILE__; echo "\n<br>\n"; include("./lib/reuse.php"); ?> lib/reuse.php ------------------ <?php echo __FILE__; echo "\n<br>"; ?> Expected result: ---------------- Absolute_path_of_your_document_root/subapp/main.php <br> Absolute_path_of_your_document_root/lib/reuse.php <br> Actual result: -------------- Absolute_path_of_your_document_root/subapp/main.php -- Edit bug report at http://bugs.php.net/?id=31514&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=31514&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=31514&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=31514&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=31514&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=31514&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=31514&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=31514&r=needscript Try newer version: http://bugs.php.net/fix.php?id=31514&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=31514&r=support Expected behavior: http://bugs.php.net/fix.php?id=31514&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=31514&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=31514&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=31514&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=31514&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=31514&r=dst IIS Stability: http://bugs.php.net/fix.php?id=31514&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=31514&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=31514&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=31514&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=31514&r=mysqlcfg
