This is almost an exact copy of a patch I had submitted in October of 2000.(before I became a contributor). I wonder if it is a copy? http://marc.theaimsgroup.com/?l=php-dev&m=97145490702792&w=2 This idea (and many others) was on hold to a cleaner redesign of safe_mode. -Jason ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, April 14, 2001 4:34 AM Subject: [PHP-DEV] Bug #10322 Updated: Logical error in fopen-wrappers.c > ID: 10322 > Updated by: jmoore > Reported By: [EMAIL PROTECTED] > Status: Open > Bug Type: PHP options/info functions > PHP Version: 4.0.4pl1 > Assigned To: > Comments: > > This will not make it into 4.0.5 as this was branched a while back but it might well >make it into 4.0.6. Ill get a developer to look at this patch. > > - James > > Previous Comments: > --------------------------------------------------------------------------- > > [2001-04-13 20:57:35] [EMAIL PROTECTED] > I thought, while I'm here, I'd submit a patch to fix this. > > The patch also includes support for an additional special case in php.ini's >open_basedir. > The current "." allows scripts to access files in the same directory as the script. > "DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's >directory tree. DOCUMENT_ROOT is calculated by PATH_TRANSLATED and removing SCRIPT_URI from the end - This conveniently works for both full Apache Virtalhosts and mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost - just check what PATH_TRANSLATED and SCRIPT_URI is set to in phpinfo() - if removing the latter from the former is the sites docroot then you are away). > > Anyway, the patch: code shamelessly copied from the "." segment :) > > *** main/fopen-wrappers.c.orig Fri Apr 13 17:50:02 2001 > --- main/fopen-wrappers.c Sat Apr 14 01:46:28 2001 > *************** > *** 141,151 **** > char resolved_name[MAXPATHLEN]; > char resolved_basedir[MAXPATHLEN]; > char local_open_basedir[MAXPATHLEN]; > int local_open_basedir_pos; > SLS_FETCH(); > > /* Special case basedir==".": Use script-directory */ > ! if ((strcmp(PG(open_basedir), ".") == 0) && > SG(request_info).path_translated && > *SG(request_info).path_translated > ) { > --- 141,167 ---- > char resolved_name[MAXPATHLEN]; > char resolved_basedir[MAXPATHLEN]; > char local_open_basedir[MAXPATHLEN]; > + char *local_open_request_uri; > int local_open_basedir_pos; > SLS_FETCH(); > > + /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the > + * virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI > + * [EMAIL PROTECTED] > + */ > + if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) && > + SG(request_info).path_translated && > + *SG(request_info).path_translated ) { > + /* Copy path_translated to local_open_basedir, the look in > + this string for where request_uri starts and zero that byte > + thus leaving local_open_basedir set to the virtualhost's > + DOCUMENT_ROOT */ > + strlcpy(local_open_basedir, SG(request_info).path_translated, si > zeof(local_open_basedir)); > + local_open_request_uri=strstr(local_open_basedir,SG(request_info > ).request_uri); > + if (local_open_request_uri) *local_open_request_uri = ' > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
