ID: 38963 Updated by: [EMAIL PROTECTED] Reported By: manuel at mausz dot at -Status: Assigned +Status: Closed Bug Type: Filesystem function related Operating System: Linux/Gentoo PHP Version: 4.4.4 Assigned To: iliaa New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2006-09-26 18:45:31] manuel at mausz dot at Ok, here is the detailed problem: If tempnam() will be called with an empty string, expand_filepath() (called from php_check_specific_open_basedir()) will expand this string to cwd. The cwd is most probably in open_basedir, so php_check_specific_open_basedir succeeds. tempnam() will then call php_open_temporary_file() which includes an fallback to php_get_temporary_directory(). In most apache setups, php is not able to write to the cwd (cause of safe_mode), so php_open_temporary_file() will fallback. This is not the case when using client, so php -d open_basedir=`pwd` -r 'var_dump(tempnam(false, "temp"));' works. ------------------------------------------------------------------------ [2006-09-26 16:03:30] [EMAIL PROTECTED] Make sure your phpinfo() display the expected value of open_basedir. Turn on display_errors etc. It doesn't depend on the server API in any way. ------------------------------------------------------------------------ [2006-09-26 15:58:57] manuel at mausz dot at Please try using mod_php. Using the client also don't work for me. Oh and just to be sure: - tried with safe_mode on + off - open_basedir does _not_ include /tmp ;) ------------------------------------------------------------------------ [2006-09-26 15:30:39] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Cannot reproduce: # ./sapi/cli/php -r 'var_dump(tempnam(false, "temp"));' Warning: tempnam(): open_basedir restriction in effect. File() is not within the allowed path(s): (/www) in Command line code on line 1 bool(false) ------------------------------------------------------------------------ [2006-09-26 15:19:47] manuel at mausz dot at Description: ------------ tempnam bypasses open_basedir if dir = false Reproduce code: --------------- <?php $tempfile = tempnam(false, "phptest"); ?> Expected result: ---------------- Warning: tempnam() [function.tempnam]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (...) in Actual result: -------------- # ls /tmp/phptest* /tmp/phptestt4mIOa ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=38963&edit=1