ID: 32503 Updated by: [EMAIL PROTECTED] Reported By: Bjorn dot Wiberg at its dot uu dot se -Status: Open +Status: No Feedback Bug Type: Safe Mode/open_basedir Operating System: IBM AIX 5.2.0.0 ML5 PHP Version: 5.1.1
Previous Comments: ------------------------------------------------------------------------ [2005-12-19 17:46:22] Bjorn dot Wiberg at its dot uu dot se Hi sniper! Just wanted to tell you that for 5.1.1, the following holds: If the path to the file is not listable (r flag) all the way, one gets the following message: Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 The same error occurs until one makes sure that the path all the way to the file is listable (r flag). Then, with the path all the way to the file listable (r flag), one gets, with "a.txt" and no existing file: /apache/htdocs/bwiberg/test/safemode Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 However, "./a.txt" and no existing file works fine. With "a.txt" and the file already existing, things work just fine. With "./a.txt" and the file already existing, things work just fine. Would it be OK to wait for 5.1.2, or have things related to this actually changed in the latest snapshot? (I just recompiled and installed 5.1.1, awaiting some possible input on or fixes to another bug, so I hope to recompile again sometime early next year.) Wishing you a Merry Christmas and a Happy New Year, and for putting up with me and my AIX troubles. :-) Best regards, Björn ------------------------------------------------------------------------ [2005-07-05 10:21:38] Bjorn dot Wiberg at its dot uu dot se (Thanks for fixing the mpm_common crash, that problem is gone now.) With #define HAVE_BROKEN_GETCWD 1 in php_config.h, and having made sure that the path up to the directory where the file is to be created has sufficient permissions, I still get the same error: /apache/htdocs/bwiberg/test/safemode Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Having the read (r) permission off for the "test" directory along the way: Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Best regards, Björn ------------------------------------------------------------------------ [2005-05-09 14:15:53] Bjorn dot Wiberg at its dot uu dot se Hi again! I just tried the #define HAVE_BROKEN_GETCWD 1 trick from http://bugs.php.net/bug.php?id=32501, with PHP 5.0.4 (the "fixed" version) but that didn't help in this regard. I thought I would mention this. Best regards, Björn ------------------------------------------------------------------------ [2005-04-05 09:28:28] Bjorn dot Wiberg at its dot uu dot se Hi Tony! Thank you for your feedback! I'm afraid that absolute paths aren't a very viable solution to this, as that probably would break too many scripts, expecting it to be possible to "just" save a file to the current directory. Is the "PHP realpath hack" supposed to handle these kind of problems on AIX? Please let me know if I can help in any way! Best regards, Björn ------------------------------------------------------------------------ [2005-04-04 17:11:05] [EMAIL PROTECTED] Right, this is somehow concerned with broken realpath() on AIX. The problem is that we end up with relative path in php_checkuid_ex() function and it fails to check permissions for the directory. Of course, the easiest solution is to use absolute paths everywhere. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/32503 -- Edit this bug report at http://bugs.php.net/?id=32503&edit=1
