ID: 39073 Updated by: [EMAIL PROTECTED] Reported By: jim at centerfuse dot net -Status: Open +Status: Bogus Bug Type: Safe Mode/open_basedir Operating System: FreeBSD 4.11 PHP Version: 5.1.6 New Comment:
The ini directive is called safe_mode_*INCLUDE*_dir. Please read what it's used for: http://www.php.net/manual/en/features.safe-mode.php Previous Comments: ------------------------------------------------------------------------ [2006-10-07 19:19:12] jim at centerfuse dot net This bug does not seem to affect require_once(), require(), or include(), which are still able to access the file from a different UID (as long as safe_mode_include_dir is set as it should be). However, other file operations such as file_exists and fopen fail. In the example below, note that the include() succeeds because the output does say "this is the test file" ==== CODE ==== // // safe_mode_include_dir is /home/php_include_test // // the file /home/php_include_test/test // simply says "this is the test file<br />" $test_file = '/home/php_include_test/test'; include($test_file); if ( file_exists($test_file) ) { echo 'Test file exists.<br />'; } else { echo 'Test file does not exist<br />'; } if ( is_readable($test_file) ) { echo 'Test file is readable.<br />'; } else { echo 'Test file not readable<br />'; } if ( $fp = fopen($test_file, 'r') ) { echo 'Test file opened for read.<br />'; fclose($fp); } else { echo 'Test file could not be opened for read<br />'; } ======= OUTPUT ======= this is the test file Test file does not exist Test file not readable Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 1010 is not allowed to access /home/php_include_test/test owned by uid 0 in /home/www/jim/public_html/jimtest.php on line 21 Warning: fopen(/home/php_include_test/test) [function.fopen]: failed to open stream: Inappropriate ioctl for device in /home/www/jim/public_html/jimtest.php on line 21 Test file could not be opened for read ------------------------------------------------------------------------ [2006-10-07 09:19:06] jim at centerfuse dot net get_cfg_var() and ini_get() both return the correct safe_mode_include_dir, but it seems to just be ignored. Just for good measure, I also tried using a different directory altogether, but got the same results. ------------------------------------------------------------------------ [2006-10-07 08:10:57] jim at centerfuse dot net note, the trailing parentheses that appears in my reproduce code after the safe_mode_include_dir is *not* present in php.ini, it was a typo. ------------------------------------------------------------------------ [2006-10-07 08:09:58] jim at centerfuse dot net Description: ------------ Just upgraded to php 5.1.6, and safe_mode_include_dir doesn't appear to be honored. I'm running with safe mode = On and one directory in the include_dir. Trying to include/fopen/etc any file from that directory results in a safemode UID restriction. phpinfo() shows that PHP is reading the correct configuration file and that it knows about safe_mode_include_dir. Reproduce code: --------------- //in php.ini: safe_mode_include_dir = "/usr/local/share/FUSE") $fp = fopen('/usr/local/share/FUSE/FUSE-main.php', 'r') Expected result: ---------------- fopen should return file pointer Actual result: -------------- Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 1006 is not allowed to access /usr/local/share/FUSE/FUSE-main.php owned by uid 0 in /home/context/public_html/test.php on line 13 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=39073&edit=1
