#37555 [NEW]: chdir() does not use file protocol stream wrappers

Mon, 22 May 2006 18:37:01 -0700 

From:             jb at jbpros dot com
Operating system: GNU/Linux Gentoo
PHP version:      5.1.4
PHP Bug Type:     Streams related
Bug description:  chdir() does not use file protocol stream wrappers

Description:
------------
chdir() seems to not use streams to validate the passed path. When one
defines a custom wrapper for the file:// scheme, it can be problematic.

For example, my custom file:// wrapper is acting like a root jail, "/"
being mapped to some directory on disk. This was needed to prevent XML
documents xinclude()'ing stuffs outside of the authorized directory, among
other things. It works very well except that I'm forced to set the CWD to
"/" as other jailed directories are reported as "not found" by PHP.

Example:

If "/srv/www/jail" is the root jail "/srv/www/jail/data/file.xml" is
accessible within the script under the path "/data/file.xml". There I have
no way to set the CWD to /data if the real on-disk "/data" path doesn't
exist.

Maybe this behavior should not change for some reason, but this is a use
case where it would be nice.


-- 
Edit bug report at http://bugs.php.net/?id=37555&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=37555&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=37555&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=37555&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=37555&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=37555&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=37555&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=37555&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=37555&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=37555&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=37555&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=37555&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=37555&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=37555&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=37555&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=37555&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=37555&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=37555&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=37555&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=37555&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=37555&r=mysqlcfg

Reply via email to