ID: 19650 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: No Feedback +Status: Closed Bug Type: Scripting Engine problem Operating System: Windows PHP Version: 4.2.3 New Comment:
OK, today's snapshot (27 0ct 2002) seems to be correct: z:/t.php: <?include "/test.php"?> z:/test.php: <?echo "!"?> Z:\!distrib\php\php4-win32-latest>php.exe /t.php ! Thanks. But I suppose that this bug is deeply rooted. When I make PHP to read a script from STDIN: Z:\!distrib\php\php4-win32-latest>php.exe <?include "/test.php"?> ^Z Warning: main(/test.php) [http://www.php.net/function.main]: failed to create stream: No such file or directory in Z:\!distrib\php\php4-win32-latest\- on line 2 Warning: Failed opening '/test.php' for inclusion (include_path='.;c:\php4\pear') in Z:\!dis trib\php\php4-win32-latest\- on line 2 Of course, Z:\!distrib\php\php4-win32-latest>php.exe <?include "z:/test.php"?> ^Z ! Previous Comments: ------------------------------------------------------------------------ [2002-10-27 19:11:06] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. ------------------------------------------------------------------------ [2002-10-12 10:26:26] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-10-07 12:18:47] [EMAIL PROTECTED] Wow... I'm a fool, I have tested wrong PHP version! Error is still actual. But now I think I have found the bug place. File main/fopen_wrappers.c, in function php_fopen_with_path, we can see a piece of code: if (IS_ABSOLUTE_PATH(filename, filename_length)) { if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) /* filename is in safe_mode_include_dir (or subdir) */ return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } /* else start to glue path from include_path */ ... Under Windows IS_ABSOLUTE_PATH is: #define IS_ABSOLUTE_PATH(path, len) \ (len >= 2 && isalpha(path[0]) && path[1] == ':') Of course, when Apache's mod_php4 makes "include" request for "/home/localhost/www/phpinfo.php", program DOES NOT get into "if" statement! And we get pathes something like ".//home/localhost/www/phpinfo.php" and "c:/php/pear//home/localhost/www/phpinfo.php" when include_path=".;c:/php/pear" (I have dumped "path" argument of virtual_fopen function [tsrm_virtual-cwd.c] to watch such pathes). We cannot modify IS_ABSOLUTE_PATH macro, because there is #define COPY_WHEN_ABSOLUTE 2 before it, and core always think that "absolute" part contains 2 characters - we'd like to thank developers of windows port for that :-(. Path "/some/path" contains NONE "absolute" characters ("z:/some/path" contains two - "z:"). But, if we patch: - if (IS_ABSOLUTE_PATH(filename, filename_length)) { + if (IS_ABSOLUTE_PATH(filename, filename_length) + || IS_SLASH(*filename)) { PHP begins to work! I don't know would it cause a security problem with safe_mode. Code is too tangled and duplicated (somebody likes "copy+paste" technique of programming, I suppose). Please correct this bug in next PHPs. Now I will patch it "by hands", but I don't want our users to cry when they would install newer version and it begin to trash. ------------------------------------------------------------------------ [2002-10-05 18:49:02] [EMAIL PROTECTED] Of course, not OK (-; File c:\t.php: <?php include "/test.php" ?> File c:\test.php: <?php echo "!" ?> c:\php> php.exe -q < c:\t.php <br /> <b>Warning</b>: Failed opening '/test.php' for inclusion (include_path='.;c:\php4\pear') in <b>-</b> on line <b>2</b><br /> c:\php> php.exe -q c:\t.php ! Strange, isn't it?.. Good "/test.php", or not good, when I write DocumentRoot /home/localhost/www in httpd.conf, and then GET /phpinfo.php HTTP/1.1 Apache calls /home/localhost/www/phpinfo.php, but not ./home/localhost/www (-; Well, 4.2.3 processes it correctly (and we may close this bug report), but... I meant that PHP 4.2.3 still have something wrong in its code, because absolute-slashed pathes do not work sometimes (like in "< script", maybe somewhere else?). Here, in Russia, we saying in such cases: "Heh, something's wrong in Danish kingdom". (-; Today I tried to debug it, but have not found a bug place. Maybe next time. Good luck. ------------------------------------------------------------------------ [2002-10-05 16:07:37] [EMAIL PROTECTED] <?include "/test.php"?> is not good this is better: <?php include ("./test.php"); ?> ok? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/19650 -- Edit this bug report at http://bugs.php.net/?id=19650&edit=1
