ID: 34656 Comment by: jf at probe-networks dot de Reported By: wolfram at schlich dot org Status: No Feedback Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment:
Please reopen. Previous Comments: ------------------------------------------------------------------------ [2005-11-09 01:00:02] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2005-11-08 11:36:25] jf at probe-networks dot de It seems the problem exists when dealing with paths which include "..". When using relative paths the problem seems not to occur. ------------------------------------------------------------------------ [2005-11-04 17:35:54] jf at probe-networks dot de Btw, i've also tried the snapshots (4.4.2-dev) from snaps.php.net, but these also do not fix the bug. ------------------------------------------------------------------------ [2005-11-04 16:32:38] info at wiredtek dot info same problem here with php 5.0.5 on a Gentoo box and apache 2.0.54 for each virtual hosts i set the open_basedir via Apache conf: <VirtualHost *:80> ServerName xxxxxx DocumentRoot "/home/administrator/" php_admin_value open_basedir .:/home/administrator/:/usr/share/php </VirtualHost> (php.ini: no open_basedir specified, include_path = ".:/usr/share/php/", no safe mode) all work with php 4.3.11, but upgrading to php 5.0.5 i give a lot of warnings about open_basedir restrictions in /usr/share/php. in /usr/share/php there is the PEAR classes repository. php 4.x is able to include PEAR classes from /usr/share/php, but php5 is able to pick up only first level files, not the one present in the subfolders; for example php5 is able to include /usr/share/php/PEAR.php but not /usr/share/XML/Serializer.php showing me the open_basedir restrictions. I can fix the problem with php_admin_value open_basedir none in the Apache configuration, but it is not safe, and it is not what i need. There is a patch for this? ------------------------------------------------------------------------ [2005-11-04 16:04:24] jf at probe-networks dot de I can confirm this, PHP 4.4.1 seems to have major problems with (atleast) open_basedir. It seems to ignore path's set via httpd.conf. The following is from 4.4.1 using Confixx 3.1 (very famous server administration frontend): [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../settings.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 75 [04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction in effect. File(../functions.inc.php) is not within the allowed path(s): (/srv/www/htdocs/confixx) in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(../functions.inc.php): failed to open stream: Operation not permitted in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../functions.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction in effect. File(../sessions.inc.php) is not within the allowed path(s): (/srv/www/htdocs/confixx) in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Warning: main(../sessions.inc.php): failed to open stream: Operation not permitted in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../sessions.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Fatal error: Call to undefined function: db_connect() in /srv/www/htdocs/confixx/html/reseller/auth.php on line 79 reseller/auth.php: Starting Line 73:$PHP_AUTH_USER = $PHP_AUTH_PW = ''; include("../settings.inc.php"); include("../functions.inc.php"); include('../sessions.inc.php'); db_connect($db_host, $db_user, $db_pass); sessao_start(); ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34656 -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1