ID: 34050
Updated by: [EMAIL PROTECTED]
Reported By: wolfram at schlich dot org
-Status: Open
+Status: Feedback
Bug Type: Safe Mode/open_basedir
Operating System: Linux 2.6.12-gentoo-r4 x86_64
PHP Version: 5CVS-2005-08-09 (dev)
New Comment:
I can't reproduce this either. Try this on command line:
# php -r 'include(/usr/lib/php/Smarty/Smarty.class.php);'
Also, make sure that PHP really is loading the right php.ini file!!
(e.g. if you happen to have one in / that one will be loaded instead)
Previous Comments:
[2005-08-12 01:09:27] wolfram at schlich dot org
no symlink...
[2005-08-12 00:30:26] [EMAIL PROTECTED]
Can't reproduce.
Make sure that /usr/lib/php/Smarty (or any of it's parent dirs) is not
a symbolic link.
[2005-08-09 18:16:23] wolfram at schlich dot org
then the comment above safe_mode_include_dir is silly:
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
it says UID/GID checks are bypassed, so why should I enable
safe_mod_gid then?
I even tried that, result:
--8--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8--
[2005-08-09 18:09:19] [EMAIL PROTECTED]
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
[2005-08-09 16:56:52] wolfram at schlich dot org
Description:
when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.
Reproduce code:
---
--8--[ php.ini ]--8--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = /usr/share/php/:/usr/lib/php/
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8--[ apache vhost config ]--8--
php_value include_path .:/usr/share/php:/usr/lib/php
--8--[ sample php script ]--8--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8--
Expected result:
included file, no error message.
Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19
--
Edit this bug report at http://bugs.php.net/?id=34050edit=1