ID: 31514 Updated by: [EMAIL PROTECTED] Reported By: kameshj at fastmail dot fm -Status: Open +Status: Closed Bug Type: Safe Mode/open_basedir Operating System: * PHP Version: 4.3.10, 5.0.3 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2005-01-12 13:42:37] kameshj at fastmail dot fm Description: ------------ Keep the following subapp/main.php, lib/reuse.php in a directory under DocumentRoot Access http://your_web_server/subapp/main.php Analysis --------------- In php-src/main/fopen_wrappers.c, php_check_specific_open_basedir function has a code like this at the top if ((strcmp(basedir, ".") == 0) && SG(request_info).path_translated && *SG(request_info).path_translated Which I feel to be if ((strcmp(basedir, ".") == 0) && SG(request_info).path_translated && *SG(request_info).path_translated This should have been just, if (strcmp(basedir, ".") == 0) local_open_basedir need to have been copied from CWDG(cwd) The patch is against php-5.1 head is available at http://puggy.symonds.net/~kameshj/fopen_wrappers.c.patch Reproduce code: --------------- subapp/main.php ------------------ <?php chdir(".."); echo __FILE__; echo "\n<br>\n"; include("./lib/reuse.php"); ?> lib/reuse.php ------------------ <?php echo __FILE__; echo "\n<br>"; ?> Expected result: ---------------- Absolute_path_of_your_document_root/subapp/main.php <br> Absolute_path_of_your_document_root/lib/reuse.php <br> Actual result: -------------- Absolute_path_of_your_document_root/subapp/main.php ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31514&edit=1
