Re: [PHP-DEV] Bug #10322 Updated: Logical error in fopen-wrappers.c

2001-04-16 Thread Jason Greene

This is almost an exact copy of a patch I had submitted in October of 2000 (before I became a contributor).
I wonder if it is a copy?
http://marc.theaimsgroup.com/?l=php-dev&m=97145490702792&w=2
This idea (and many others) was on hold to a cleaner redesign of safe_mode.

-Jason

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 14, 2001 4:34 AM
Subject: [PHP-DEV] Bug #10322 Updated: Logical error in fopen-wrappers.c


 ID: 10322
 Updated by: jmoore
 Reported By: [EMAIL PROTECTED]
 Status: Open
 Bug Type: PHP options/info functions
 PHP Version: 4.0.4pl1
 Assigned To:
 Comments:

 This will not make it into 4.0.5 as this was branched a while back but it might well make it into 4.0.6. I'll get a developer to look at this patch.

 - James

 Previous Comments:
 ---

 [2001-04-13 20:57:35] [EMAIL PROTECTED]
 I thought, while I'm here, I'd submit a patch to fix this.

 The patch also includes support for an additional special case in php.ini's open_basedir.
 The current "." allows scripts to access files in the same directory as the script.
 "DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's directory tree.  DOCUMENT_ROOT is calculated by taking PATH_TRANSLATED and removing SCRIPT_URI from the end - This conveniently works for both full Apache Virtualhosts and mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost - just check what PATH_TRANSLATED and SCRIPT_URI are set to in phpinfo() - if removing the latter from the former is the site's docroot then you are away).

 Anyway, the patch: code shamelessly copied from the "." segment :)

 *** main/fopen-wrappers.c.orig  Fri Apr 13 17:50:02 2001
 --- main/fopen-wrappers.c   Sat Apr 14 01:46:28 2001
 ***
 *** 141,151 
 char resolved_name[MAXPATHLEN];
 char resolved_basedir[MAXPATHLEN];
 char local_open_basedir[MAXPATHLEN];
 int local_open_basedir_pos;
 SLS_FETCH();

 /* Special case basedir==".": Use script-directory */
 !   if ((strcmp(PG(open_basedir), ".") == 0) 
 SG(request_info).path_translated 
 *SG(request_info).path_translated
 ) {
 --- 141,167 
 char resolved_name[MAXPATHLEN];
 char resolved_basedir[MAXPATHLEN];
 char local_open_basedir[MAXPATHLEN];
 +   char *local_open_request_uri;
 int local_open_basedir_pos;
 SLS_FETCH();

 +   /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the
 +* virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI
 +* [EMAIL PROTECTED]
 +*/
 +   if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) 
 +   SG(request_info).path_translated 
 +   *SG(request_info).path_translated ) {
 +   /* Copy path_translated to local_open_basedir, the look in
 +  this string for where request_uri starts and zero that byte
 +  thus leaving local_open_basedir set to the virtualhost's
 +  DOCUMENT_ROOT */
 +   strlcpy(local_open_basedir, SG(request_info).path_translated, si
 zeof(local_open_basedir));
 +   local_open_request_uri=strstr(local_open_basedir,SG(request_info
 ).request_uri);
 +   if (local_open_request_uri) *local_open_request_uri = '
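
Review bot: strstr() in the DOCUMENT_ROOT branch returns the first place request_uri occurs in local_open_basedir, not necessarily the trailing one, so when the URI text also appears earlier in the path the string is cut short and the resulting base directory is wider than the virtual host's root. Compare request_uri against the last strlen(request_uri) bytes of the path instead, and make sure the no-match case (the statement after `if (local_open_request_uri)` is cut off in this copy) does not leave the full script path or an empty string as the base directory.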

 --
 PHP Development Mailing List http://www.php.net/
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]







[PHP-DEV] Bug #10322 Updated: Logical error in fopen-wrappers.c

2001-04-14 Thread jmoore

ID: 10322
Updated by: jmoore
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: PHP options/info functions
PHP Version: 4.0.4pl1
Assigned To: 
Comments:

This will not make it into 4.0.5 as this was branched a while back but it might well make it into 4.0.6. I'll get a developer to look at this patch.

- James

Previous Comments:
---

[2001-04-13 20:57:35] [EMAIL PROTECTED]
I thought, while I'm here, I'd submit a patch to fix this.

The patch also includes support for an additional special case in php.ini's open_basedir.
The current "." allows scripts to access files in the same directory as the script.
"DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's directory tree.  DOCUMENT_ROOT is calculated by taking PATH_TRANSLATED and removing SCRIPT_URI from the end - This conveniently works for both full Apache Virtualhosts and mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost - just check what PATH_TRANSLATED and SCRIPT_URI are set to in phpinfo() - if removing the latter from the former is the site's docroot then you are away).

Anyway, the patch: code shamelessly copied from the "." segment :)

*** main/fopen-wrappers.c.orig  Fri Apr 13 17:50:02 2001
--- main/fopen-wrappers.c   Sat Apr 14 01:46:28 2001
***
*** 141,151 
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
int local_open_basedir_pos;
SLS_FETCH();

/* Special case basedir==".": Use script-directory */
!   if ((strcmp(PG(open_basedir), ".") == 0) 
SG(request_info).path_translated 
*SG(request_info).path_translated
) {
--- 141,167 
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+   char *local_open_request_uri;
int local_open_basedir_pos;
SLS_FETCH();

+   /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the
+* virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI
+* [EMAIL PROTECTED]
+*/
+   if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) 
+   SG(request_info).path_translated 
+   *SG(request_info).path_translated ) {
+   /* Copy path_translated to local_open_basedir, the look in
+  this string for where request_uri starts and zero that byte
+  thus leaving local_open_basedir set to the virtualhost's
+  DOCUMENT_ROOT */
+   strlcpy(local_open_basedir, SG(request_info).path_translated, si
zeof(local_open_basedir));
+   local_open_request_uri=strstr(local_open_basedir,SG(request_info
).request_uri);
+   if (local_open_request_uri) *local_open_request_uri = '
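
Review bot: the comment block above the new DOCUMENT_ROOT test describes the value as PATH_TRANSLATED minus SCRIPT_URI, while the code below it searches for SG(request_info).request_uri; name the field that is actually used so the comment and the code agree. The inner comment also reads "the look in" where "then look in" is meant, and the new "DOCUMENT_ROOT" keyword needs a matching entry next to the "." case in the open_basedir documentation.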

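
The derivation described in the message above (PATH_TRANSLATED with the request URI removed from the end), written as a strict suffix check that fails closed. This is an added example, not code from the patch or from PHP; `derive_docroot` and `first_match_len` are hypothetical names and the paths are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PHP source): strip request_uri from the END of
 * path_translated. Returns 0 and fills out, or -1 (out left empty) so the
 * caller can fail closed instead of using a guessed base directory. */
static int derive_docroot(const char *path_translated, const char *request_uri,
                          char *out, size_t outsz)
{
    size_t plen, ulen, rlen;

    if (!path_translated || !request_uri || !out || outsz == 0) return -1;
    out[0] = '\0';
    plen = strlen(path_translated);
    ulen = strlen(request_uri);
    /* The URI must be rooted and must leave a non-empty prefix behind. */
    if (ulen == 0 || request_uri[0] != '/' || ulen >= plen) return -1;
    rlen = plen - ulen;
    /* Suffix comparison: an earlier occurrence of the URI text is ignored. */
    if (strcmp(path_translated + rlen, request_uri) != 0) return -1;
    if (rlen >= outsz) return -1;            /* never truncate a base dir */
    memcpy(out, path_translated, rlen);
    out[rlen] = '\0';
    return 0;
}

/* Prefix length a first-match strstr() search would keep; (size_t)-1 if the
 * URI does not occur at all. Shown only for comparison with the above. */
static size_t first_match_len(const char *path_translated, const char *request_uri)
{
    const char *p = strstr(path_translated, request_uri);
    return p ? (size_t)(p - path_translated) : (size_t)-1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real server. */
    const char *pt = "/home/u/img/site/htdocs/img";
    const char *uri = "/img";
    char root[256];

    if (derive_docroot(pt, uri, root, sizeof root) == 0)
        printf("suffix match : %s\n", root);
    printf("first match  : %.*s\n", (int)first_match_len(pt, uri), pt);
    if (derive_docroot("/var/alias/target/x.php", "/app/x.php", root, sizeof root) != 0)
        printf("alias mismatch: refused\n");
    return 0;
}
```

With the sample path, the suffix check yields the full document root while a first-match search keeps only the first seven bytes, a much wider directory.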