ID: 14076
Comment by: [EMAIL PROTECTED]
Old Reported By: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: *Directory/Filesystem functions
Operating System: Linux
PHP Version: 4.0.6
New Comment:
This problem has nothing to do with wrong file/directory modes. I'm
quite sure that it is a bug in the PHP-realpath-code.
Please consider the following setup layout:
/var/www/ = symlink to /mnt/sda1/www
/var/www/domain.com = apache document_root = php open_basedir
/var/www/domain.com/test.html = test file for fopen()
I've added some debug code to fopen_wrappers.c :
php_error(E_NOTICE, "check_specific_open_basedir ( comparing resolved
name %s to resolved_basedir %s )", resolved_name, resolved_basedir);
if (strncmp(resolved_basedir, resolved_name, strlen(resolved_basedir))
== 0) {
Trying to fopen("/var/www/domain.com/test.html") results
in two cases:
1. /var/www/domain.com/test.html already exists
PHP Warning: check_specific_open_basedir ( comparing resolved name
/mnt/sda1/www/domain.com/test.html to resolved_basedir
/mnt/sda1/www/domain.com/test.html )
-> fopen() succeeds
2. /var/www/domain.com/test.html does *not* exist
PHP Warning: check_specific_open_basedir ( comparing resolved name
/var/www/domain.com/test.html to resolved_basedir
/mnt/sda1/www/domain.com/test.html )
-> fopen() fails with "open basedir restriction in effect"-error
As you can see in the debug output, PHP does not correctly
expand the file path if the file does not exists !
Trying to fopen("/mnt/sda1/www/domain.com/test.html") always
succeeds because PHP does not need to expand the filename anymore
(-> strncmp is always true ).
Hajo
(Linux 2.2 - PHP 4.0.6 - afaik the problem still exists in 4.1.X)
Previous Comments:
------------------------------------------------------------------------
[2001-11-19 13:50:10] [EMAIL PROTECTED]
Well, the fact that it can create a *new directory* in the same
directory, already means that the apache process has sufficient
permissions to also create a file in it. However, these are the
permissions:
webedit@penguin:/var/www/tmp/submit$ ls -lad ./
drwxrwx--- 18 webedit www 4096 Nov 15 19:13 ./
Apache runs as user `www', and the scripts are owned by user `webedit'.
Note that the directory is owned by the same user as the script, and
writeable to Apache, so the requirements of safe mode are met.
Thank you for your response.
--
Arcady Genkin
------------------------------------------------------------------------
[2001-11-19 12:37:01] [EMAIL PROTECTED]
Post please the
mod of your directory and tell me the
user and group of your apache. Maybe the apache dont have
rights to create a new file in your directory but he owns the newfile
and can remove/edit this file.
------------------------------------------------------------------------
[2001-11-15 18:53:16] [EMAIL PROTECTED]
Under safe mode, fopen("filename", "w") fails to create a file if it
doesn't exist, complaining about open_basedir restriction. However,
the filename refers to the file in the directory configured in the
open_basedir. Besides, if the same file is created manually, fopen()
can open it for writing without any problems. The directory is
writeable to the web server.
$dir = '/var/www/tmp/submit';
// Fails if the file doesn't exist.
// Succeeds if the file does exist
fopen( "$dir/file.txt", "w" ); // Fails if the file doesn't exist.
mkdir( "$dir/foo", 0700 ); // SUCCEEDS!!! Notice the same path.
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=14076&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
