From: [EMAIL PROTECTED] Operating system: Redhat 6.2 PHP version: 4.2.1 PHP Bug Type: Filesystem function related Bug description: fopen ftp wrapper gets wrong path
The fopen ftp wrapper tries to look for files starting at the root of the file system, rather than the applicable ftp base directory. RFC 1738 gives the specifics of how FTP URLS are to be interpreted - each segment of the path should be treated as a separate CWD command. RFC 1738 says that the slash separating the ftp server name from the path is not part of the path, and slashes included in the path should be encoded (so to ftp the file /etc/motd the url <ftp:[EMAIL PROTECTED]/%2Fetc/motd> should be used, which would correspond to CWD /etc ; RETR motd - wheras the url <ftp:[EMAIL PROTECTED]/etc/motd> corresponds to something like CWD etc; RETR motd - which would fetch the motd file from the user's etc directory). RFC 2396 now rules that the slash following the server name is part of the path, but it's wrong to interpret this as meaning that the path requested is based on the file system root - in HTML the initial slash indicates that the path is absolute not relative, and it makes sense to continue to interpret FTP urls in the same manner, especially as there is a mechanism to address files outside the ftp file area. There are a couple of implementation issues for resolving this problem - compatibility to previous behaviour and the method of getting to the destination directory. Compatibility could be addressed by including a ftp_path_bug_behaviour variable, or preferably just fixing the behaviour and documenting the change in big letters. The issue of getting to the destination directory is probably only of interest to nit-pickers, but here it is. It's not outside the bounds of possibility that an ftp server might perform magic when CWD'ing to a directory, so it might be preferable to get to the destination of the path by a series of CWD's. However, it's also possible that the directory structure is set up with unaccessable directories between the start of the path and the end, so a one-hit grab might be in order. Both concerns could be accomodated by first attempting a series of CWD's to get to the destination directory, and if these are unsuccessful then attempt a one-hit command before giving up. However, I suspect that the one-hit version would work for almost all users, and those users which need something else can use the FTP module -- Edit bug report at http://bugs.php.net/?id=17347&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=17347&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=17347&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=17347&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=17347&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=17347&r=support Expected behavior: http://bugs.php.net/fix.php?id=17347&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=17347&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=17347&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=17347&r=globals