From: php-bugs at antispam dot nerds dot org dot uk
Operating system: FreeBSD
PHP version: 5.0.5
PHP Bug Type: Apache2 related
Bug description: Patch to get around apache not expanding %0 when passed
open_basedir in vhost
Description:
------------
There are often cases where apache users with php5 installed will want to
use dynamic vhosts (not least because it's in the apache docs), which
leads to something like this:
<VirtualHost 82.70.196.65:80>
VirtualDocumentRoot /data/www/%0
ServerName %0
php_admin_value open_basedir %0
</VirtualHost>
Unfortunately apache is naughty and doesn't expand the %0 on the
php_admin_value line, which means that restricting the directories that
php has access to is a pain!
This I know is an apache problem, rather than a php one, however I found a
patch on a forum
(http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) that
gets around this nicely, and I just tweaked it to work in php5 (I'm not
trying to claim any credit away from the original author, I just like the
feature!). I figured this was posted a long time ago, if he was going to
submit it - he would have by now.
Basically it just adds a keyword of VIRTUAL_DOCUMENT_ROOT, which has
essentially the same end result, as it causes the fopen wrapper to expand
it to the VirtualDocumentRoot.
Patch included at the "Reproduce Code"
Reproduce code:
---------------
--- main/fopen_wrappers.c.orig Sun Sep 25 22:25:20 2005
+++ main/fopen_wrappers.c Sun Sep 25 22:28:40 2005
@@ -95,8 +95,18 @@
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+ char *local_open_basedir_sub; /* Substring pointer for strstr */
int resolved_basedir_len;
int resolved_name_len;
+
+ if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) &&
+ SG(request_info).path_translated &&
*SG(request_info).path_translated ) {
+
+ strlcpy(local_open_basedir,
SG(request_info).path_translated, sizeof(local_open_basedir));
+
local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+ /* Now insert null to break apart the string */
+ if (local_open_basedir_sub) *local_open_basedir_sub =
'\0';
+ } else
/* Special case basedir==".": Use script-directory */
if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir,
MAXPATHLEN)) {
--
Edit bug report at http://bugs.php.net/?id=34663&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=34663&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=34663&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=34663&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=34663&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=34663&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=34663&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=34663&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=34663&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=34663&r=support
Expected behavior: http://bugs.php.net/fix.php?id=34663&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=34663&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=34663&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=34663&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=34663&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=34663&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=34663&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=34663&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=34663&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=34663&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=34663&r=mysqlcfg
