ID: 36297 User updated by: smartgenius1 at yahoo dot com Reported By: smartgenius1 at yahoo dot com Status: Bogus Bug Type: Safe Mode/open_basedir Operating System: Windows PHP Version: 5.1.2 New Comment:
Sir, you must not be reading it correctly. I have open_basedir set to "."; which should only allow functions to access files in the current directory and under. I am able to change the directory to an above directory with chdir(); that is NOT a file in the cwd or lower. I can have a script working in System/Files/script.php with open_basedir set to "."; I cannot do include("../anyfile.php"); file("../anyfile.php"); or any other thing that access the above directory... so why can I do chdir("../"); include("anyfile.php"); ? The chdir() function should check to make sure that the directory argument is within the allowed paths of open_basedir; which it doesnt. Hope this clarifys my concern. ~Sean Previous Comments: ------------------------------------------------------------------------ [2006-02-05 20:41:55] [EMAIL PROTECTED] What Derick said. ------------------------------------------------------------------------ [2006-02-05 20:30:45] smartgenius1 at yahoo dot com I said i can reach UPPER LEVEL directories. (../) Any other file system functions wont let me do that. Just chdir(). ------------------------------------------------------------------------ [2006-02-05 20:29:05] [EMAIL PROTECTED] No bug here. ------------------------------------------------------------------------ [2006-02-05 20:28:27] [EMAIL PROTECTED] And what if you try to set it to the real path instead of "."? I doubt that PHP is able to distinguish "." when you're in /path/1 from "." when you're in "/another/path". ------------------------------------------------------------------------ [2006-02-05 20:27:52] [EMAIL PROTECTED] Well.... "." is the current working directory, so ofcourse you can read it then... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/36297 -- Edit this bug report at http://bugs.php.net/?id=36297&edit=1