#37476 [Fbk->Opn]: is_readable(), file_exists() have problem with open_basedir
ID: 37476 User updated by: info at wiredtek dot info Reported By: info at wiredtek dot info -Status: Feedback +Status: Open Bug Type: *Directory/Filesystem functions Operating System: Linux PHP Version: 5.1.4 New Comment: i'm not able to test the 5.2cvs version because i'm using gentoo linux distro, so unless a working ebuild i'm not able to test it. However i'll try a manual installation Previous Comments: [2006-05-17 13:59:09] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.2-win32-latest.zip Seems to work fine. [2006-05-17 13:11:19] info at wiredtek dot info Description: the function is_readable() and file_exists() report open_basedir restriction also on files that are inside the open_basedir, showing a warning on the screen, such as: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css) is not within the allowed path(s): (/usr/share/php/:/var/www/ineluttabile.it/equilibrium/:/tmp/) in /var/www/ineluttabile.it/equilibrium/http-docs/cryolibs/core/core.common.php on line 582 the previous warning tell that file /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css is not into the open_basedir, but the dir: /var/www/ineluttabile.it/equilibrium/ is specified into the open_basedir statement, so the warning must not be showed. Investigating more deeply i have noticed that the warning do not happen for 'all' the files involved with the function file_exists() or is_readable(), but only for that files that do not exists. Infact, checking /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css the file do not exists, and file_exists() return correctly a FALSE value, but the warning do not have any meaning (IMHO), maybe have a mean for the function is_readable(), but not for file_exists() and however, the file is inside the open_basedir restriction so it is a non sense warning. -- Edit this bug report at http://bugs.php.net/?id=37476&edit=1
#37476 [NEW]: is_readable(), file_exists() have problem with open_basedir
From: info at wiredtek dot info Operating system: Linux PHP version: 5.1.4 PHP Bug Type: *Directory/Filesystem functions Bug description: is_readable(), file_exists() have problem with open_basedir Description: the function is_readable() and file_exists() report open_basedir restriction also on files that are inside the open_basedir, showing a warning on the screen, such as: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css) is not within the allowed path(s): (/usr/share/php/:/var/www/ineluttabile.it/equilibrium/:/tmp/) in /var/www/ineluttabile.it/equilibrium/http-docs/cryolibs/core/core.common.php on line 582 the previous warning tell that file /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css is not into the open_basedir, but the dir: /var/www/ineluttabile.it/equilibrium/ is specified into the open_basedir statement, so the warning must not be showed. Investigating more deeply i have noticed that the warning do not happen for 'all' the files involved with the function file_exists() or is_readable(), but only for that files that do not exists. Infact, checking /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css the file do not exists, and file_exists() return correctly a FALSE value, but the warning do not have any meaning (IMHO), maybe have a mean for the function is_readable(), but not for file_exists() and however, the file is inside the open_basedir restriction so it is a non sense warning. -- Edit bug report at http://bugs.php.net/?id=37476&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=37476&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=37476&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=37476&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=37476&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=37476&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=37476&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=37476&r=needscript Try newer version:http://bugs.php.net/fix.php?id=37476&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=37476&r=support Expected behavior:http://bugs.php.net/fix.php?id=37476&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=37476&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=37476&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=37476&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=37476&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=37476&r=dst IIS Stability:http://bugs.php.net/fix.php?id=37476&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=37476&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=37476&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=37476&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=37476&r=mysqlcfg
#34656 [Com]: open_basedir restriction in effect although paths are set correctly
ID: 34656 Comment by: info at wiredtek dot info Reported By: wolfram at schlich dot org Status: Feedback Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment: same problem here with php 5.0.5 on a Gentoo box and apache 2.0.54 for each virtual hosts i set the open_basedir via Apache conf: ServerName xx DocumentRoot "/home/administrator/" php_admin_value open_basedir .:/home/administrator/:/usr/share/php (php.ini: no open_basedir specified, include_path = ".:/usr/share/php/", no safe mode) all work with php 4.3.11, but upgrading to php 5.0.5 i give a lot of warnings about open_basedir restrictions in /usr/share/php. in /usr/share/php there is the PEAR classes repository. php 4.x is able to include PEAR classes from /usr/share/php, but php5 is able to pick up only first level files, not the one present in the subfolders; for example php5 is able to include /usr/share/php/PEAR.php but not /usr/share/XML/Serializer.php showing me the open_basedir restrictions. I can fix the problem with php_admin_value open_basedir none in the Apache configuration, but it is not safe, and it is not what i need. There is a patch for this? Previous Comments: [2005-11-04 16:04:24] jf at probe-networks dot de I can confirm this, PHP 4.4.1 seems to have major problems with (atleast) open_basedir. It seems to ignore path's set via httpd.conf. The following is from 4.4.1 using Confixx 3.1 (very famous server administration frontend): [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../settings.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 75 [04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction in effect. File(../functions.inc.php) is not within the allowed path(s): (/srv/www/htdocs/confixx) in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(../functions.inc.php): failed to open stream: Operation not permitted in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../functions.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76 [04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction in effect. File(../sessions.inc.php) is not within the allowed path(s): (/srv/www/htdocs/confixx) in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Warning: main(../sessions.inc.php): failed to open stream: Operation not permitted in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening '../sessions.inc.php' for inclusion (include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html') in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77 [04-Nov-2005 15:39:10] PHP Fatal error: Call to undefined function: db_connect() in /srv/www/htdocs/confixx/html/reseller/auth.php on line 79 reseller/auth.php: Starting Line 73:$PHP_AUTH_USER = $PHP_AUTH_PW = ''; include("../settings.inc.php"); include("../functions.inc.php"); include('../sessions.inc.php'); db_connect($db_host, $db_user, $db_pass); sessao_start(); [2005-11-02 14:43:40] troy at riq dot qc dot ca Hi, I always have open_basedir set to "/webdir/htdocs/" in the php.ini and for each website, a more precise open_basedir like "/webdir/htdocs/site1" set in httpd.conf. With 4.3.11 that work like I expect. [2005-11-01 22:34:00] [EMAIL PROTECTED] Does it work if you set the open_basedir in php.ini ? [2005-11-01 22:19:12] troy at riq dot qc dot ca I just backtrack to a old version because 4.4.1 seem buggy with open_basedir. "../scripts/Connect.php" is in the open_basedir but 4.4.1 refuse it. BTW, the open_basedir is set via apache httpd.conf and have always work. PHP Warning: main(): open_basedir restriction in effect. File(../scripts/Connect.php) is not within the allowed path(s): (/webdir/htdocs/site3/) in /webdir/htdocs/site3/something/page.php on line 2 PHP Warning: main(../scripts/Connect.php): failed to open stream: Operation not permitted in /webdir/htdocs/site3/something/page.php on line 2 PHP Warning: main(): Failed opening '../scrip