ID: 41518 Comment by: phpbugs at thequod dot de Reported By: ruben dot willmes at emil2001 dot de Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux PHP Version: 5.2.2 New Comment:
This might be related to bug #39123, where open_basedir=/tmp/ started to fail, as internally only "/tmp" (without trailing slash) got considered. (http://bugs.php.net/bug.php?id=39123) Previous Comments: ------------------------------------------------------------------------ [2007-05-31 12:40:31] ruben dot willmes at emil2001 dot de Your example is correct, that does work, but what if you change the following: Instead of #php -d open_basedir=/tmp -r 'var_dump(file_exists("/tmp/nosuch"));' try #php -d open_basedir=/tmp/ -r 'var_dump(file_exists("/tmp/nosuch"));' Notice the slash behind "open_basedir=/tmp/". With that you get Warning: file_exists(): open_basedir restriction in effect. File(/tmp/ nosuch) is not within the allowed path(s): (/tmp/) in Command line code on line 1 bool(false) ------------------------------------------------------------------------ [2007-05-31 11:06:13] [EMAIL PROTECTED] I don't think I get what you're talking about: # ls -l /tmp/nosuch ls: cannot access /tmp/nosuch: No such file or directory #php -d open_basedir=/tmp -r 'var_dump(file_exists("/tmp/nosuch"));' bool(false) No warning whatsoever. ------------------------------------------------------------------------ [2007-05-30 20:20:58] ruben dot willmes at emil2001 dot de Sorry, but i have to reopen this bug again. Thx for the reply, Tony, but i don't think you understood me. I don't want to generally remove this error message, it's just under your OWN open_basedir, where you shouldn't get this message since you should be able to check whether the file exists under your OWN open_basedir, or am i wrong? Let's make an example: Two users, user1 and user2, both locked in their homedirs with open_basedir: /home/user1/ /home/user2/ Both have one file in their directory, let's call it test.php Now, if user1 checks whether test.php exists, he get's a true, as well as user2. If user1 checks user2's test.php, he'll get a false and an open_basedir warning since he's out of his open_basedir. That's correct. But what if user1 checks a file called test2.php under his own directory, /home/user1/? Should he get an open_basedir error? In my eyes he should only get a 'false' as the file does not exist, but no open_basedir warning, since he's still in his own open_basedir. In the recent PHP5 release (5.2.2) one get's an open_basedir warning if you check a non-existent file under your OWN open_basedir. In a previous release the message was not present (i think it was 5.2.0 or 5.2.1). so, please reconsider this bug ------------------------------------------------------------------------ [2007-05-29 20:39:47] [EMAIL PROTECTED] If we remove this warning for non-existent files, it could be possible to use file_exists() to detect which files exists (since it's perfectly legal to print this warning when the file exists). ------------------------------------------------------------------------ [2007-05-29 06:58:06] ruben dot willmes at emil2001 dot de You're right, it does work correctly if i set my open_basedir to '/var/ www/localhost/htdocs' (without the trailing slash). But if i set it to '/var/www/localhost/htdocs/' (with the trailing slash), it doesn't work in my test case. Could you please try it once more setting your open_basedir to '/www/home/user/' (with the trailing slash)? The system this is running on is PHP 5.2.2, with Apache 2.0.58. thx in advance ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/41518 -- Edit this bug report at http://bugs.php.net/?id=41518&edit=1
