From:             
Operating system: CentOS release 5.4 (Final)
PHP version:      5.3.6
Package:          Safe Mode/open_basedir
Bug Type:         Bug
Bug description:  partial open_basedir path no longer works

Description:
------------
Our VirtualHost points to a symlink which links to the document_root of the
current application version.

Example directory list:

l /var/www/html/application -> /var/www/html/application-v1.2.3
d /var/www/html/application-v1.2.2
d /var/www/html/application-v1.2.3

Before v5.3 (5.2.4 I think) using the entire symlink path as open_basedir
value would still trigger open_basedir errors. We worked around this problem
by using the partial suffix '/var/www/html/app'.

This behaviour was fixed when we upgraded to v5.3.2, where the entire symlink
path would work as well, but we did not bother to update all our vhosts as
both methods now worked.

But now that we have upgraded to v5.3.6, the partial paths no longer work.

Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(/var/www/html/application-v1.2.3/bootstrap.php) is not within the allowed path(s): (.:/var/www/html/app)

This behaviour seems to be broken since r305698, where the open_basedir is
always appended with a directory separator:

--- php/php-src/trunk/main/fopen_wrappers.c     2010/11/23 21:49:18     305697

+++ php/php-src/trunk/main/fopen_wrappers.c     2010/11/23 22:14:54     305698

@@ -233,6 +233,9 @@

                                resolved_basedir[resolved_basedir_len] = 

PHP_DIR_SEPARATOR;

                                resolved_basedir[++resolved_basedir_len] = '\0';

                        }

+               } else {

+                               resolved_basedir[resolved_basedir_len++] = 

PHP_DIR_SEPARATOR;

+                               resolved_basedir[resolved_basedir_len] = '\0';

                }

 

                resolved_name_len = strlen(resolved_name);
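
Review bot: The new `else` branch appends `PHP_DIR_SEPARATOR` to the basedir unconditionally, which turns a value such as `/var/www/html/app` from a string prefix into a directory name; that is a user-visible behaviour change and needs a changelog or upgrade note, or an explicit decision on whether prefix values stay supported. Nothing in the visible lines checks that `resolved_basedir` has room for the extra byte and the terminator before `resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;`, so a length check belongs next to that write. The added lines are also indented one level deeper than the block above and use post-increment where the existing code uses `++resolved_basedir_len`; matching the existing style would make the two branches easier to compare.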





I don't think this change was intended because it is not listed in the
changelog, and breaks backward compatibility in a minor release.
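
The difference between the two matching behaviours described in this report, as an added example that is not part of the original report and is not PHP's code: a simplified model of comparing an already-resolved path against an `open_basedir` entry, with and without the appended separator. The function name `basedir_allows`, the `dir_semantics` flag and the `application-v1.2.30` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SEP '/'

/* Simplified model, not PHP's code. Both arguments are assumed to be already
 * resolved (symlinks expanded). Returns 1 if the path is allowed.
 * dir_semantics = 0: basedir is compared as a plain string prefix.
 * dir_semantics = 1: a separator is appended first, so basedir names a directory. */
int basedir_allows(const char *basedir, const char *path, int dir_semantics)
{
    char buf[4096];
    size_t len = strlen(basedir);

    if (len == 0 || len + 2 > sizeof(buf))
        return 0;                       /* empty or oversized entry: deny */
    memcpy(buf, basedir, len + 1);
    if (dir_semantics && buf[len - 1] != SEP) {
        buf[len++] = SEP;               /* room for this was checked above */
        buf[len] = '\0';
    }
    /* The directory itself ("/a/b") is inside basedir "/a/b/". */
    if (dir_semantics && strlen(path) == len - 1 && strncmp(buf, path, len - 1) == 0)
        return 1;
    return strncmp(buf, path, len) == 0;
}

int main(void)
{
    /* Constructed inputs; the v1.2.30 directory is hypothetical. */
    const char *basedirs[] = { "/var/www/html/app", "/var/www/html/application-v1.2.3" };
    const char *paths[] = {
        "/var/www/html/application-v1.2.3/bootstrap.php",
        "/var/www/html/application-v1.2.2/bootstrap.php",
        "/var/www/html/application-v1.2.30/bootstrap.php",
    };
    for (size_t b = 0; b < 2; b++)
        for (size_t p = 0; p < 3; p++)
            printf("%-34s %-48s prefix=%d dir=%d\n", basedirs[b], paths[p],
                   basedir_allows(basedirs[b], paths[p], 0),
                   basedir_allows(basedirs[b], paths[p], 1));
    return 0;
}
```

In this model the partial value `/var/www/html/app` admits every sibling directory under prefix matching and nothing once the separator is appended, while the full directory name admits only its own contents.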



