#17445 [Com]: open_basedir warning when including file in same dir
ID: 17445
Comment by: stv at seznam dot cz
Reported By: mitch at webcob dot com
Status: No Feedback
Bug Type: Scripting Engine problem
Operating System: FreeB SD 4.4
PHP Version: 4.2.1
New Comment:
Same problem.
Why it haven't been solved yet in core?
Just only first check if file exists before check for permissions.
Why none feedback from here from some developers?
I can describe this problem detaily:
On server php5.cz with this configuration of php
http://slapstick.php5.cz/info.php
include_path is set: /www/7/site2017/:.:/usr/lib/php
open_basedir is set: /www/7/site2017/
Reproduce code:
In file /www/7/site2017/wwwroot/index.php :
require_once('../controller/inc.controller.php');
In file /www/7/site2017/controller/inc.controller.php :
error_reporting(E_ALL | E_STRICT);
if (!include_once('inc.config.php')) die('Application error0');
Require works as expected. Include not.
Because php is first searching in paths related to directory
/www/7/site2017/wwwroot/ and after trying to include file
/usr/lib/php/inc.config.php raises warning permission denied for this
include (due open_basedir) and ends proccessing of script even if the
file /usr/lib/php/inc.config.php doesn't exist.
Why rising permission warning even if file doesn't exist?
Expected result:
Including file /www/7/site2017/controller/inc.config.php
Actual result:
Warning: main() [function.main]: open_basedir restriction in effect.
File(/usr/lib/php/inc.config.php) is not within the allowed path(s):
(/www/7/site2017/) in /www/7/site2017/controller/inc.controller.php on
line 6
Warning: main(inc.config.php) [function.main]: failed to open stream:
Operation not permitted in
/www/7/site2017/controller/inc.controller.php on line 6
Warning: main() [function.include]: Failed opening 'inc.config.php' for
inclusion (include_path='/www/7/site2017/:.:/usr/lib/php') in
/www/7/site2017/controller/inc.controller.php on line 6
Application error0
Previous Comments:
[2002-10-24 01:00:03] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[2002-10-08 22:51:06] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-latest.zip
[2002-05-27 01:16:34] mitch at webcob dot com
I have set open_basedir =
/home/user
I have set include_path =
.:/home/user/lib:/home/user/site/lib
I have a file located in:
/home/user/site/htdocs/
which requires another file in the same directory.
The include WORKS.
BUT IT PRODUCED A WARNING:
Warning: open_basedir restriction in effect. File is in wrong directory
in /home/user/site/htdocs/file1.php on line 3 File2 is here.
The "File2 is here" is produced by the included file.
I've seen others comment on this problem, but could find no solution or
open occurance of it in the bug list.
Thanks.
Mitch.
--
Edit this bug report at http://bugs.php.net/?id=17445&edit=1
#30495 [Com]: Apache crashes when calling array_walk_recursive twice.
ID: 30495
Comment by: stv at seznam dot cz
Reported By: jaakkos at mbnet dot fi
Status: Open
Bug Type: Reproducible crash
Operating System: Windows XP
PHP Version: 5.0.2
New Comment:
Is there any problem of overloading of system in recursion if user
posts big multidimenzional field for example 100 000 of depth ?
If positive there would be one parameter more for array_walk_recursive
with max_depth level indication.
Previous Comments:
[2004-10-20 15:06:45] jaakkos at mbnet dot fi
Description:
Apache server crashes when array_walk_recursive is called twice. Tested
on Apache 2.0.52 and 1.3.29 (Windows XP).
Reproduce code:
---
//Just for testing +
$_POST['ab'] = 'cd';
$_GET['ef'] = 'gh';
//Just for testing -
function cleanup(&$value,$key){
if (is_string($value)){
$value = trim(strip_tags($value));
get_magic_quotes_gpc() && $value = stripslashes($value);
}
}
array_walk_recursive($_POST,'cleanup');
array_walk_recursive($_GET,'cleanup');
Expected result:
Remove tags and slashes from $_POST and $_GET hashes.
Actual result:
--
szAppName : Apache.exe szAppVer : 2.0.52.0 szModName : unknown
szModVer : 0.0.0.0 offset :
--
Edit this bug report at http://bugs.php.net/?id=30495&edit=1
#29929 [Com]: array_walk_recursive unusable in mod_php
ID: 29929
Comment by: stv at seznam dot cz
Reported By: jr at terragate dot net
Status: Open
Bug Type: Reproducible crash
Operating System: Gentoo Linux 1.4
PHP Version: 5.0.1
New Comment:
Same problem with apache 1.3.31 with php 5.0.1 or 5.0.2 as module on
Win2000.
Vasek
Previous Comments:
[2004-09-01 10:25:25] jr at terragate dot net
Description:
An Apache child (1.3.x and 2.0.x prefork) crashes if a call to
array_walk_recursive has been made in a previous request.
For this reason this bug isn't reproduceable with php-cgi nor
php-cli.
To reliably reproduce this bug run apache (with mod_php) in single
process mode (-X) to be sure that the same process will serve the two
requests and request the given page twice (or any other php page as
second request).
PHP configure:
'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--with-apxs=/usr/sbin/apxs'
'--with-config-file-path=/etc/php/apache1-php5' '--without-pear'
'--disable-bcmath' '--without-bz2' '--disable-calendar'
'--without-jpeg-dir' '--without-cpdflib' '--disable-ctype'
'--without-curl' '--without-curlwrappers' '--disable-dbase'
'--disable-dio' '--disable-exif' '--without-fam' '--without-fbsql'
'--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext'
'--without-gmp' '--without-hwapi' '--without-iconv'
'--without-informix' '--without-ingres' '--without-interbase'
'--enable-mbstring' '--with-mcrypt' '--without-openssl-dir'
'--without-mcve' '--disable-memory-limit' '--without-mhash'
'--without-mime-magic' '--without-ming' '--without-mnogosearch'
'--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8'
'--without-oracle' '--with-openssl' '--without-ovrimos'
'--enable-pcntl' '--without-pfpro' '--without-pgsql' '--with-pspell'
'--without-recode' '--disable-simplexml' '--disable-shmop'
'--without-snmp' '--disable-soap' '--disable-sockets' '--disable-spl'
'--without-sybase' '--without-sybase-ct' '--disable-sysvmsg'
'--disable-sysvsem' '--disable-sysvshm' '--without-tidy'
'--disable-tokenizer' '--disable-wddx' '--without-xsl'
'--without-xmlrpc' '--disable-yp' '--with-zlib' '--without-cdb'
'--with-db4' '--without-dbm' '--without-flatfile' '--with-gdbm'
'--without-inifile' '--without-qdbm' '--with-freetype-dir=/usr'
'--with-t1lib=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf'
'--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-tiff-dir=/usr'
'--without-xpm-dir' '--with-gd' '--with-ldap' '--without-ldap-sasl'
'--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--without-mm' '--without-msession' '--without-sqlite' '--enable-dba'
'--with-readline' '--without-libedit'
Reproduce code:
---
array('bar' => 'baz'));
array_walk_recursive($nested_array, 'process_value');
?>
Expected result:
No Segmentation fault
Actual result:
--
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15154)]
0x0006 in ?? ()
(gdb) bt
#0 0x0006 in ?? ()
#1 0x4062404f in zend_call_function (fci=0xbfffcd60,
fci_cache=0x4083458c)
at
/var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute_API.c:853
#2 0x4056dfa0 in php_array_walk (target_hash=0x81724ac, userdata=0x0,
recursive=1)
at
/var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1045
#3 0x4056de86 in php_array_walk (target_hash=0x81725fc, userdata=0x0,
recursive=1)
at
/var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1019
#4 0x4056e3f7 in zif_array_walk_recursive (ht=2,
return_value=0x81725b4, this_ptr=0x0,
return_value_used=0) at
/var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1135
#5 0x40651739 in execute_internal (execute_data_ptr=0xbfff
