ID: 11940 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed Bug Type: Documentation problem Operating System: Solaris 8/sparc PHP Version: 4.0.6 New Comment:
This has been clarified in the docs: http://cvs.php.net/cvs.php/phpdoc/en/features/safe-mode.xml Thanks for the report :) Previous Comments: ------------------------------------------------------------------------ [2001-07-07 01:41:02] [EMAIL PROTECTED] Jason, thanks for the clarification. I apologize for persistence, but I'm re-opening the bug under the different category. There are two issues here now: 1. The documentation does not describe this configuration option clearly. It only talks about (quote) "When a script tries to open a file...". It should mention that the restriction applies to the script itself. The first sentence may imply this, but only very vaguely. http://www.php.net/manual/en/configuration.php 2. The error message logged by PHP is not helpful. It talks about opening file for inclusion, which actually is probably what let into confusion even you when you replied to this bug in the first place. Also, the words "Unknown" in both sentences of the error message are not very helpful, too. Thanks again, -- Arcady Genkin ------------------------------------------------------------------------ [2001-07-06 23:26:52] [EMAIL PROTECTED] Sorry, I wrote that in a hurry. ANY file open operation performed by php has to be in open_basedir. ( Including your main script. ) This is actually by design. -Jason ------------------------------------------------------------------------ [2001-07-06 18:25:15] [EMAIL PROTECTED] I may be missing something, but there is no include() or any other file-related operation in the sample script that I posted. All it has is 'echo "hello"'. ------------------------------------------------------------------------ [2001-07-06 17:43:40] [EMAIL PROTECTED] This is not a bug, include calls a file open operation, and as such must be in the open_basedir path -Jason ------------------------------------------------------------------------ [2001-07-06 17:36:45] [EMAIL PROTECTED] safe_mode = On doc_root = /homes/u0/apache open_basedir = "/var/www/htdocs/workathome:/var/www/secure:/var/www/tmp" (/var/www is a symlink for /homes/u0/apache) In such a setting I should be able to execute PHP scripts from any directory under /homes/u0/apache, but not access any files unless they are under one of the directories in open_basedir. However, I cannot place any scripts in, say, /homes/u0/apache/cdf/deadlines/. A minimal file foo.php, saved there, containing only: <?php echo "<html><body>Hello</body></html>"; ?> Results in the script not executed, with the following error messages: [Fri Jul 6 17:24:53 2001] [error] PHP Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0 [Fri Jul 6 17:24:53 2001] [error] PHP Warning: Failed opening '/homes/u0/apache/htdocs/cdf/deadlines/foo.php' for inclusion (include_path='') in Unknown on line 0 open_basedir's documentation says that it should only restrict directories from where a file can be opened by a PHP script. http://www.php.net/manual/en/configuration.php Many thanks, -- Arcady Genkin ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=11940&edit=1 -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
