ID:               32836
 User updated by:  kkrusteff at intergenia dot de
 Reported By:      kkrusteff at intergenia dot de
-Status:           Bogus
+Status:           Open
 Bug Type:         Unknown/Other Function
 Operating System: linux
 PHP Version:      4.3.10
 New Comment:

No matter what you call it or whether you verify your inputs, it's a
BUG. In no other language / shell / usual program in
unix/linux can you do such a thing and have it accepted as a
valid file!
This file does NOT actually exist. Why does including it
result in getting the wrong file?

Wrong parsing in the include() function? Yes, no doubt.
Please don't tell people 'verify your inputs'. Sometimes
it's not possible.

Or should they execute 'readlink -f' before including? Or do other
weird stuff to avoid this case? Or
what?


Previous Comments:
------------------------------------------------------------------------

[2005-04-27 04:46:58] [EMAIL PROTECTED]

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Validate your inputs.

------------------------------------------------------------------------

[2005-04-26 15:53:31] slavi at imperia dot net

See "#29949 Relative include() sometimes works as expected."
( http://bugs.php.net/bug.php?id=29949 )

I think it describes the same problem.

------------------------------------------------------------------------

[2005-04-26 13:58:31] kkrusteff at intergenia dot de

Description:
------------
A frequently used way to include a lang file is
include("./lang/login.php." . $_REQUEST['lang']);
The problem is that if the URL uses
lang=../../../../../../../../../../etc/hosts
we get the hosts file from the computer.



Reproduce code:
---------------
<?php
include("./lang/login.php.../../../../../../../../../../etc/hosts");
?>
// or
<?php
include("./lang/login.php.../../../../../../../../../etc/hosts");
?>
// that will show the hosts file

Expected result:
----------------
file not found 

Actual result:
--------------
that will show the hosts file, or another file if you know the path


------------------------------------------------------------------------
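The "validate your inputs" advice from the thread, worked out as a hardened replacement for the include() in the report. This is an added example, not code from the reporter or from PHP itself; it assumes the same hypothetical layout as the report (language files named ./lang/login.php.<code>) and the function names are made up here. It rejects the traversal string before the filesystem is consulted (allowlist), and then also checks that the resolved path stays inside the lang directory, so it does not depend on how include() happens to resolve a component like "login.php...".

```php
<?php
// Added example (not the reporter's code): hardened replacement for
//   include("./lang/login.php." . $_REQUEST['lang']);
// Assumed hypothetical layout: ./lang/login.php.<code>, as in the report.

// 1. Allowlist: a language code is two lowercase letters, optionally
//    followed by an underscore and two uppercase letters (en, de, pt_BR).
//    Anything else, including "../../../../etc/hosts", is rejected here,
//    before any path is built.
function is_valid_lang_code($lang)
{
    return is_string($lang) && preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $lang) === 1;
}

// 2. Containment: resolve the language directory and the candidate file
//    with realpath() and require the file to live inside the directory.
//    realpath() returns false for paths that do not exist, so a component
//    such as "login.php..." cannot be walked "through" with "..".
function resolve_lang_file($lang_dir, $lang)
{
    if (!is_valid_lang_code($lang)) {
        return false;
    }
    $base = realpath($lang_dir);
    if ($base === false) {
        return false;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . 'login.php.' . $lang);
    if ($candidate === false || !is_file($candidate)) {
        return false;
    }
    // Compare against the prefix *with* its trailing separator so that
    // "/srv/app/lang2/..." is not accepted as being inside "/srv/app/lang".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $candidate;
}

// 3. Use: fall back to a fixed default language instead of emitting an
//    error that reveals the directory layout.
function include_lang_file($lang_dir, $requested, $default = 'en')
{
    $file = resolve_lang_file($lang_dir, $requested);
    if ($file === false) {
        $file = resolve_lang_file($lang_dir, $default);
    }
    if ($file === false) {
        return false;   // not even the default exists: configuration error
    }
    include $file;
    return true;
}

// Self-check of the allowlist stage on constructed inputs (no files needed).
$tests = array(
    'en'                                      => true,
    'pt_BR'                                   => true,
    '../../../../../../../../../../etc/hosts' => false,
    '.../../../../../../../../../etc/hosts'   => false,
    'en/../../etc/passwd'                     => false,
    ''                                        => false,
);
foreach ($tests as $input => $expected) {
    assert(is_valid_lang_code($input) === $expected);
}

// Typical call site, replacing the include() from the report:
// include_lang_file(__DIR__ . '/lang',
//                   isset($_REQUEST['lang']) ? $_REQUEST['lang'] : 'en');
```

The allowlist alone already closes the case in the report, since no traversal string matches the pattern; the realpath() containment check is the second layer, useful when the set of valid names is not known in advance and worth keeping even on PHP versions where include() itself no longer resolves non-existent components.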


-- 
Edit this bug report at http://bugs.php.net/?id=32836&edit=1