#34050 [NEW]: safe_mode_include_dir isn't honored

Tue, 09 Aug 2005 07:57:09 -0700 

From:             wolfram at schlich dot org
Operating system: Linux 2.6.12-gentoo-r4 x86_64
PHP version:      5CVS-2005-08-09 (dev)
PHP Bug Type:     Safe Mode/open_basedir
Bug description:  safe_mode_include_dir isn't honored

Description:
------------
when safe_mode is active, I want to be able to include files from certain
directories without checking for their UID/GID.

Reproduce code:
---------------
--8<--[ php.ini ]--8<--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/share/php/:/usr/lib/php/"
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8<--[ apache vhost config ]--8<--
php_value include_path ".:/usr/share/php:/usr/lib/php"
--8<--[ sample php script ]--8<--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8<--

Expected result:
----------------
included file, no error message.

Actual result:
--------------
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19

-- 
Edit bug report at http://bugs.php.net/?id=34050&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=34050&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=34050&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=34050&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=34050&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=34050&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=34050&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=34050&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=34050&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=34050&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=34050&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=34050&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=34050&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=34050&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=34050&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=34050&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=34050&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=34050&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=34050&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=34050&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=34050&r=mysqlcfg

Reply via email to