Edit report at http://bugs.php.net/bug.php?id=53516&edit=1
ID: 53516
Comment by: webmaster at imposit dot com
Reported by:ofi at evil dot net dot pl
Summary:open_basedir BUG introduced in PHP 5.2.15
Status: Closed
Type: Bug
Package:Streams related
Operating System: Linux 2.6.36.1
PHP Version:5.2.15
Assigned To:iliaa
Block user comment: N
Private report: N
New Comment:
This seems not to be solved in 5.2.17 either
for example
open_basedir = /var/www
within /var/www/login.php has
include ('step2.php');
/var/www/step2.php exist (same right as other files, readable...)
openbasedir restriction denies access to the file
you need to include('./step2.php')
to get it work
this is not possible, on my hosts running tousands of different php
scripts
does work until and including version 5.2.14
Previous Comments:
[2010-12-15 14:50:48] joho at boojam dot se
Wouldn't this merit 5.2.16 considering it's "quite" fatal?
[2010-12-10 13:50:36] il...@php.net
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
[2010-12-10 13:50:27] il...@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=306184
Log: Fixed bug #53516 (Regression in open_basedir handling).
[2010-12-10 11:28:21] ofi at evil dot net dot pl
Description:
Just look at:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/fopen_wrappers.c?r1=303823&r2=306136
and
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698
'-1' is missing in 5_2 branch
Test script:
---
Not needed - just enable open_basedir.
Expected result:
Working php script.
Actual result:
--
Open_basedir restriction...
--
Edit this bug report at http://bugs.php.net/bug.php?id=53516&edit=1
