ID: 34656
Comment by: jf at probe-networks dot de
Reported By: wolfram at schlich dot org
Status: No Feedback
Bug Type: Safe Mode/open_basedir
Operating System: Linux 2.2.16 i586
PHP Version: 4.4.1
New Comment:
Please reopen.
Previous Comments:
------------------------------------------------------------------------
[2005-11-09 01:00:02] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2005-11-08 11:36:25] jf at probe-networks dot de
It seems the problem exists when dealing with paths which include "..".
When using relative paths the problem seems not to occur.
------------------------------------------------------------------------
[2005-11-04 17:35:54] jf at probe-networks dot de
Btw, i've also tried the snapshots (4.4.2-dev) from snaps.php.net, but
these also do not fix the bug.
------------------------------------------------------------------------
[2005-11-04 16:32:38] info at wiredtek dot info
same problem here with php 5.0.5 on a Gentoo box and apache 2.0.54
for each virtual hosts i set the open_basedir via Apache conf:
<VirtualHost *:80>
ServerName xxxxxx
DocumentRoot "/home/administrator/"
php_admin_value open_basedir .:/home/administrator/:/usr/share/php
</VirtualHost>
(php.ini: no open_basedir specified, include_path =
".:/usr/share/php/", no safe mode)
all work with php 4.3.11, but upgrading to php 5.0.5 i give a lot of
warnings about open_basedir restrictions in /usr/share/php.
in /usr/share/php there is the PEAR classes repository.
php 4.x is able to include PEAR classes from /usr/share/php, but php5
is able to pick up only first level files, not the one present in the
subfolders; for example php5 is able to include /usr/share/php/PEAR.php
but not /usr/share/XML/Serializer.php showing me the open_basedir
restrictions.
I can fix the problem with
php_admin_value open_basedir none
in the Apache configuration, but it is not safe, and it is not what i
need.
There is a patch for this?
------------------------------------------------------------------------
[2005-11-04 16:04:24] jf at probe-networks dot de
I can confirm this, PHP 4.4.1 seems to have major problems with
(atleast) open_basedir. It seems to ignore path's set via httpd.conf.
The following is from 4.4.1 using Confixx 3.1 (very famous server
administration frontend):
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../settings.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 75
[04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction
in effect. File(../functions.inc.php) is not within the allowed
path(s): (/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(../functions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../functions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction
in effect. File(../sessions.inc.php) is not within the allowed path(s):
(/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning: main(../sessions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../sessions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Fatal error: Call to undefined function:
db_connect() in /srv/www/htdocs/confixx/html/reseller/auth.php on line
79
reseller/auth.php:
Starting Line 73:$PHP_AUTH_USER = $PHP_AUTH_PW = '';
include("../settings.inc.php");
include("../functions.inc.php");
include('../sessions.inc.php');
db_connect($db_host, $db_user, $db_pass);
sessao_start();
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/34656
--
Edit this bug report at http://bugs.php.net/?id=34656&edit=1
