#37476 [Fbk->Opn]: is_readable(), file_exists() have problem with open_basedir
ID: 37476 User updated by: info at wiredtek dot info Reported By: info at wiredtek dot info -Status: Feedback +Status: Open Bug Type: *Directory/Filesystem functions Operating System: Linux PHP Version: 5.1.4 New Comment: i'm not able to test the 5.2cvs version because i'm using gentoo linux distro, so unless a working ebuild i'm not able to test it. However i'll try a manual installation Previous Comments: [2006-05-17 13:59:09] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.2-win32-latest.zip Seems to work fine. [2006-05-17 13:11:19] info at wiredtek dot info Description: the function is_readable() and file_exists() report open_basedir restriction also on files that are inside the open_basedir, showing a warning on the screen, such as: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css) is not within the allowed path(s): (/usr/share/php/:/var/www/ineluttabile.it/equilibrium/:/tmp/) in /var/www/ineluttabile.it/equilibrium/http-docs/cryolibs/core/core.common.php on line 582 the previous warning tell that file /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css is not into the open_basedir, but the dir: /var/www/ineluttabile.it/equilibrium/ is specified into the open_basedir statement, so the warning must not be showed. Investigating more deeply i have noticed that the warning do not happen for 'all' the files involved with the function file_exists() or is_readable(), but only for that files that do not exists. Infact, checking /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css the file do not exists, and file_exists() return correctly a FALSE value, but the warning do not have any meaning (IMHO), maybe have a mean for the function is_readable(), but not for file_exists() and however, the file is inside the open_basedir restriction so it is a non sense warning. -- Edit this bug report at http://bugs.php.net/?id=37476&edit=1
#37476 [NEW]: is_readable(), file_exists() have problem with open_basedir
From: info at wiredtek dot info Operating system: Linux PHP version: 5.1.4 PHP Bug Type: *Directory/Filesystem functions Bug description: is_readable(), file_exists() have problem with open_basedir Description: the function is_readable() and file_exists() report open_basedir restriction also on files that are inside the open_basedir, showing a warning on the screen, such as: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css) is not within the allowed path(s): (/usr/share/php/:/var/www/ineluttabile.it/equilibrium/:/tmp/) in /var/www/ineluttabile.it/equilibrium/http-docs/cryolibs/core/core.common.php on line 582 the previous warning tell that file /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css is not into the open_basedir, but the dir: /var/www/ineluttabile.it/equilibrium/ is specified into the open_basedir statement, so the warning must not be showed. Investigating more deeply i have noticed that the warning do not happen for 'all' the files involved with the function file_exists() or is_readable(), but only for that files that do not exists. Infact, checking /var/www/ineluttabile.it/equilibrium/http-docs/skin/equilibrium/css/mozilla/style.css the file do not exists, and file_exists() return correctly a FALSE value, but the warning do not have any meaning (IMHO), maybe have a mean for the function is_readable(), but not for file_exists() and however, the file is inside the open_basedir restriction so it is a non sense warning. -- Edit bug report at http://bugs.php.net/?id=37476&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=37476&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=37476&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=37476&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=37476&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=37476&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=37476&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=37476&r=needscript Try newer version:http://bugs.php.net/fix.php?id=37476&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=37476&r=support Expected behavior:http://bugs.php.net/fix.php?id=37476&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=37476&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=37476&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=37476&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=37476&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=37476&r=dst IIS Stability:http://bugs.php.net/fix.php?id=37476&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=37476&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=37476&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=37476&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=37476&r=mysqlcfg
#34656 [Com]: open_basedir restriction in effect although paths are set correctly
ID: 34656
Comment by: info at wiredtek dot info
Reported By: wolfram at schlich dot org
Status: Feedback
Bug Type: Safe Mode/open_basedir
Operating System: Linux 2.2.16 i586
PHP Version: 4.4.1
New Comment:
same problem here with php 5.0.5 on a Gentoo box and apache 2.0.54
for each virtual hosts i set the open_basedir via Apache conf:
ServerName xx
DocumentRoot "/home/administrator/"
php_admin_value open_basedir .:/home/administrator/:/usr/share/php
(php.ini: no open_basedir specified, include_path =
".:/usr/share/php/", no safe mode)
all work with php 4.3.11, but upgrading to php 5.0.5 i give a lot of
warnings about open_basedir restrictions in /usr/share/php.
in /usr/share/php there is the PEAR classes repository.
php 4.x is able to include PEAR classes from /usr/share/php, but php5
is able to pick up only first level files, not the one present in the
subfolders; for example php5 is able to include /usr/share/php/PEAR.php
but not /usr/share/XML/Serializer.php showing me the open_basedir
restrictions.
I can fix the problem with
php_admin_value open_basedir none
in the Apache configuration, but it is not safe, and it is not what i
need.
There is a patch for this?
Previous Comments:
[2005-11-04 16:04:24] jf at probe-networks dot de
I can confirm this, PHP 4.4.1 seems to have major problems with
(atleast) open_basedir. It seems to ignore path's set via httpd.conf.
The following is from 4.4.1 using Confixx 3.1 (very famous server
administration frontend):
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../settings.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 75
[04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction
in effect. File(../functions.inc.php) is not within the allowed
path(s): (/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(../functions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../functions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 76
[04-Nov-2005 15:39:10] PHP Warning: main(): open_basedir restriction
in effect. File(../sessions.inc.php) is not within the allowed path(s):
(/srv/www/htdocs/confixx) in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning: main(../sessions.inc.php): failed
to open stream: Operation not permitted in
/srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Warning: main(): Failed opening
'../sessions.inc.php' for inclusion
(include_path='.:/srv/www/htdocs/confixx/html/include:/srv/www/htdocs/confixx/html')
in /srv/www/htdocs/confixx/html/reseller/auth.php on line 77
[04-Nov-2005 15:39:10] PHP Fatal error: Call to undefined function:
db_connect() in /srv/www/htdocs/confixx/html/reseller/auth.php on line
79
reseller/auth.php:
Starting Line 73:$PHP_AUTH_USER = $PHP_AUTH_PW = '';
include("../settings.inc.php");
include("../functions.inc.php");
include('../sessions.inc.php');
db_connect($db_host, $db_user, $db_pass);
sessao_start();
[2005-11-02 14:43:40] troy at riq dot qc dot ca
Hi,
I always have open_basedir set to "/webdir/htdocs/" in the php.ini and
for each website, a more precise open_basedir like
"/webdir/htdocs/site1" set in httpd.conf.
With 4.3.11 that work like I expect.
[2005-11-01 22:34:00] [EMAIL PROTECTED]
Does it work if you set the open_basedir in php.ini ?
[2005-11-01 22:19:12] troy at riq dot qc dot ca
I just backtrack to a old version because 4.4.1 seem buggy with
open_basedir.
"../scripts/Connect.php" is in the open_basedir but 4.4.1 refuse it.
BTW, the open_basedir is set via apache httpd.conf and have always
work.
PHP Warning: main(): open_basedir restriction in effect.
File(../scripts/Connect.php) is not within the allowed path(s):
(/webdir/htdocs/site3/) in /webdir/htdocs/site3/something/page.php on
line 2
PHP Warning: main(../scripts/Connect.php): failed to open stream:
Operation not permitted in /webdir/htdocs/site3/something/page.php on
line 2
PHP Warning: main(): Failed opening '../scrip
