ID:               34656
 Comment by:       jf at probe-networks dot de
 Reported By:      wolfram at schlich dot org
 Status:           No Feedback
 Bug Type:         Safe Mode/open_basedir
 Operating System: Linux 2.2.16 i586
 PHP Version:      4.4.1
 New Comment:

Please reopen.


Previous Comments:
------------------------------------------------------------------------

[2005-11-09 01:00:02] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2005-11-08 11:36:25] jf at probe-networks dot de

It seems the problem exists when dealing with paths which include "..".
When using relative paths the problem seems not to occur.

------------------------------------------------------------------------

[2005-11-04 17:35:54] jf at probe-networks dot de

Btw, i've also tried the snapshots (4.4.2-dev) from snaps.php.net, but
these also do not fix the bug.

------------------------------------------------------------------------

[2005-11-04 16:32:38] info at wiredtek dot info

same problem here with php 5.0.5 on a Gentoo box and apache 2.0.54

for each virtual hosts i set the open_basedir via Apache conf:

<VirtualHost *:80>
ServerName xxxxxx
DocumentRoot "/home/administrator/"
php_admin_value open_basedir .:/home/administrator/:/usr/share/php
</VirtualHost>

(php.ini: no open_basedir specified, include_path =
".:/usr/share/php/", no safe mode)

all work with php 4.3.11, but upgrading to php 5.0.5 i give a lot of
warnings about open_basedir restrictions in /usr/share/php.

in /usr/share/php there is the PEAR classes repository.
php 4.x is able to include PEAR classes from /usr/share/php, but php5
is able to pick up only first level files, not the one present in the
subfolders; for example php5 is able to include /usr/share/php/PEAR.php
but not /usr/share/XML/Serializer.php showing me the open_basedir
restrictions.

I can fix the problem with 

php_admin_value open_basedir none

in the Apache configuration, but it is not safe, and it is not what i
need.

There is a patch for this?

------------------------------------------------------------------------

[2005-11-04 16:04:24] jf at probe-networks dot de

I can confirm this, PHP 4.4.1 seems to have major problems with
(atleast) open_basedir. It seems to ignore path's set via httpd.conf.
The following is from 4.4.1 using Confixx 3.1 (very famous server
administration frontend):

[04-Nov-2005 15:39:10] PHP Warning:  main(): Failed opening
'../settings.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 75
[04-Nov-2005 15:39:10] PHP Warning:  main(): open_basedir restriction
in effect. File(../functions.inc.php) is not within the allowed
path(s): (/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning:  main(../functions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning:  main(): Failed opening
'../functions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning:  main(): open_basedir restriction
in effect. File(../sessions.inc.php) is not within the allowed path(s):
(/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning:  main(../sessions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning:  main(): Failed opening
'../sessions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Fatal error:  Call to undefined function: 
db_connect() in /srv/www/htdocs/confixx/html/reseller/auth.php on line
79

reseller/auth.php:
Starting Line 73:$PHP_AUTH_USER = $PHP_AUTH_PW = '';
 
include("../settings.inc.php");
include("../functions.inc.php");
include('../sessions.inc.php');
        
db_connect($db_host, $db_user, $db_pass);
        
sessao_start();

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/34656

-- 
Edit this bug report at http://bugs.php.net/?id=34656&edit=1

Reply via email to