From: php-bugs at antispam dot nerds dot org dot uk Operating system: FreeBSD PHP version: 5.0.5 PHP Bug Type: Apache2 related Bug description: Patch to get around apache not expanding %0 when passed open_basedir in vhost
Description: ------------ There are often cases where apache users with php5 installed will want to use dynamic vhosts (not least because it's in the apache docs), which leads to something like this: <VirtualHost 82.70.196.65:80> VirtualDocumentRoot /data/www/%0 ServerName %0 php_admin_value open_basedir %0 </VirtualHost> Unfortunately apache is naughty and doesn't expand the %0 on the php_admin_value line, which means that restricting the directories that php has access to is a pain! This I know is an apache problem, rather than a php one, however I found a patch on a forum (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) that gets around this nicely, and I just tweaked it to work in php5 (I'm not trying to claim any credit away from the original author, I just like the feature!). I figured this was posted a long time ago, if he was going to submit it - he would have by now. Basically it just adds a keyword of VIRTUAL_DOCUMENT_ROOT, which has essentially the same end result, as it causes the fopen wrapper to expand it to the VirtualDocumentRoot. Patch included at the "Reproduce Code" Reproduce code: --------------- --- main/fopen_wrappers.c.orig Sun Sep 25 22:25:20 2005 +++ main/fopen_wrappers.c Sun Sep 25 22:28:40 2005 @@ -95,8 +95,18 @@ char resolved_name[MAXPATHLEN]; char resolved_basedir[MAXPATHLEN]; char local_open_basedir[MAXPATHLEN]; + char *local_open_basedir_sub; /* Substring pointer for strstr */ int resolved_basedir_len; int resolved_name_len; + + if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) && + SG(request_info).path_translated && *SG(request_info).path_translated ) { + + strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir)); + local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri); + /* Now insert null to break apart the string */ + if (local_open_basedir_sub) *local_open_basedir_sub = '\0'; + } else /* Special case basedir==".": Use script-directory */ if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) { -- Edit bug report at http://bugs.php.net/?id=34663&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=34663&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=34663&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=34663&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=34663&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=34663&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=34663&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=34663&r=needscript Try newer version: http://bugs.php.net/fix.php?id=34663&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=34663&r=support Expected behavior: http://bugs.php.net/fix.php?id=34663&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=34663&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=34663&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=34663&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=34663&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=34663&r=dst IIS Stability: http://bugs.php.net/fix.php?id=34663&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=34663&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=34663&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=34663&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=34663&r=mysqlcfg