Req #55651 [Com]: Option to force PHP to ignore the PASV address returned
Edit report at https://bugs.php.net/bug.php?id=55651&edit=1 ID: 55651 Comment by: abrender at elitehosts dot com Reported by:abrender at elitehosts dot com Summary:Option to force PHP to ignore the PASV address returned Status: Open Type: Feature/Change Request Package:FTP related Operating System: All PHP Version:5.3.8 Block user comment: N Private report: N New Comment: Hi, Any chance of this patch getting reviewed and accepted? (A more detailed explanation is at http://www.elitehosts.com/blog/php-ftp-passive-ftp-server- behind-nat- nightmare/) There were 78 votes, 72 people reproduced the problem and other people are seeing the same problem: http://blog.derakkilgo.com/2013/08/24/php-has-a-ftps-bug-please-vote-this-bug- up-so-someone-will-approve-this-patch/ https://bugs.php.net/bug.php?id=64600 http://www.codingforums.com/archive/index.php/t-285742.html http://www.techques.com/question/1-2851547/How-to-Send-File-over-secure-FTP-SSL- Protocol http://www.webdeveloper.com/forum/showthread.php?236275-ftp_connect-blocked Thanks! Previous Comments: [2011-09-10 15:57:03] abrender at elitehosts dot com PS - this patch works against PHP 5.2.17 as well as 5.3.8 [2011-09-09 08:09:49] abrender at elitehosts dot com Description: In response to the PASV command, FTP servers sometimes return their IP address (10.X for example) and PHP honors this IP address, stores it in ftp->pasvaddr and uses that for future connections. This is problematic because PHP won't be able to communicate with a server behind a NAT device using passive FTP. The attached patch adds the USEPASVADDRESS option (a boolean) which can be set and read via the ftp_set_option() and ftp_get_option() functions. USEPASVADDRESS is set to TRUE by default to preserve existing functionality. When USEPASVADDRESS is set to FALSE, the ftp extension will ignore the IP address returned by the PASV command and instead use the IP address passed to ftp_connect() (or ftp_ssl_connect()) In the future we may expand the values to include AUTO which would ignore any RFC 1918 IP addresses returned by the PASV command. The only thing to note is that the call to ftp_set_option() must be made before ftp_pasv() is called. -- Edit this bug report at https://bugs.php.net/bug.php?id=55651&edit=1
[PHP-BUG] Req #55651 [NEW]: Option to force PHP to ignore the PASV address returned
From: Operating system: All PHP version: 5.3.8 Package: FTP related Bug Type: Feature/Change Request Bug description:Option to force PHP to ignore the PASV address returned Description: In response to the PASV command, FTP servers sometimes return their IP address (10.X for example) and PHP honors this IP address, stores it in ftp->pasvaddr and uses that for future connections. This is problematic because PHP won't be able to communicate with a server behind a NAT device using passive FTP. The attached patch adds the USEPASVADDRESS option (a boolean) which can be set and read via the ftp_set_option() and ftp_get_option() functions. USEPASVADDRESS is set to TRUE by default to preserve existing functionality. When USEPASVADDRESS is set to FALSE, the ftp extension will ignore the IP address returned by the PASV command and instead use the IP address passed to ftp_connect() (or ftp_ssl_connect()) In the future we may expand the values to include AUTO which would ignore any RFC 1918 IP addresses returned by the PASV command. The only thing to note is that the call to ftp_set_option() must be made before ftp_pasv() is called. -- Edit bug report at https://bugs.php.net/bug.php?id=55651&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55651&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55651&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55651&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55651&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55651&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55651&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55651&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55651&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55651&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55651&r=support Expected behavior: https://bugs.php.net/fix.php?id=55651&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55651&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55651&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55651&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55651&r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55651&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55651&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55651&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55651&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55651&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55651&r=mysqlcfg
Req #55651 [Com]: Option to force PHP to ignore the PASV address returned
Edit report at https://bugs.php.net/bug.php?id=55651&edit=1 ID: 55651 Comment by: abrender at elitehosts dot com Reported by:abrender at elitehosts dot com Summary:Option to force PHP to ignore the PASV address returned Status: Open Type: Feature/Change Request Package:FTP related Operating System: All PHP Version:5.3.8 Block user comment: N Private report: N New Comment: PS - this patch works against PHP 5.2.17 as well as 5.3.8 Previous Comments: [2011-09-09 08:09:49] abrender at elitehosts dot com Description: In response to the PASV command, FTP servers sometimes return their IP address (10.X for example) and PHP honors this IP address, stores it in ftp->pasvaddr and uses that for future connections. This is problematic because PHP won't be able to communicate with a server behind a NAT device using passive FTP. The attached patch adds the USEPASVADDRESS option (a boolean) which can be set and read via the ftp_set_option() and ftp_get_option() functions. USEPASVADDRESS is set to TRUE by default to preserve existing functionality. When USEPASVADDRESS is set to FALSE, the ftp extension will ignore the IP address returned by the PASV command and instead use the IP address passed to ftp_connect() (or ftp_ssl_connect()) In the future we may expand the values to include AUTO which would ignore any RFC 1918 IP addresses returned by the PASV command. The only thing to note is that the call to ftp_set_option() must be made before ftp_pasv() is called. -- Edit this bug report at https://bugs.php.net/bug.php?id=55651&edit=1
Bug #47110 [Com]: Can not use ftp functions behind firewall
Edit report at https://bugs.php.net/bug.php?id=47110&edit=1 ID: 47110 Comment by: abrender at elitehosts dot com Reported by:konix dot net at du dot t-com dot hr Summary:Can not use ftp functions behind firewall Status: Closed Type: Bug Package:FTP related Operating System: Cent OS (Latest patch) PHP Version:5.2.8 Block user comment: N Private report: N New Comment: If you're seeing 'failed: Operation now in progress (115)' and you've already switched into passive FTP mode then either your firewall needs to be fixed OR the ftp server is returning a private RFC1918 IP address in response to the PASV command which PHP is then trying to connect to and timing out. I've detailed this issue at http://www.elitehosts.com/blog/php-ftp-passive-ftp-server-behind-nat- nightmare/ and posted an entry at bugs.php.net with a patch to fix the issue at https://bugs.php.net/bug.php?id=55651 - please vote for that feature fix if you want it included in future PHP releases. Previous Comments: [2009-01-15 17:41:20] konix dot net at du dot t-com dot hr Fix firewall and it will work. [2009-01-15 17:21:22] konix dot net at du dot t-com dot hr FYI for anyone else looking for answer: - when behind firewall, you will surly set your ftp connection in PASV mode. Be sure to configure your firewall in a right way as you will need port open in upper ranges (from 1024). Once this is done, all PHP FTP function in PSV mode work as they should. [2009-01-15 12:47:50] j...@php.net IIRC, it's just a buggy FTP server issue. [2009-01-15 08:39:14] konix dot net at du dot t-com dot hr Description: I'm trying to connect to FTP server from a script. Script is behind firewall. Only FTP port is allowed (application/script is to be used in PCIDSS enviroment). We tried same script on other servers and no problem accured at all. This could be a firewall / web application firewall (mod_security) issue but we're not sure. Reproduce code: --- $ftp_array = array( // Host, user, pass ); $port = 21; $network_timeout = 30; echo "Connecting...\n"; // Connect $ftp_connection = ftp_connect($ftp_array['host'], $port, network); if ($ftp_connection) { // Login if ($login = ftp_login($ftp_connection, $ftp_array['user'], $ftp_array['pass'])) { // Pasive mode ftp_pasv($ftp_connection, true); // Change dir ftp_chdir($ftp_connection, "in"); // Get dir listing $contents = ftp_nlist($ftp_connection, "."); // Echo list echo ''; print_r($contents); echo ''; } else { echo "Can't login to remote server."; } ftp_close($ftp_connection); } else { exit("Can't connect to remote server."); } Expected result: Array ( [0] => . [1] => .. [2] => 11829_RATE_39.txt ) Actual result: -- Warning: ftp_nlist() [function.ftp-nlist]: php_connect_nonb() failed: Operation now in progress (115) in /var/www/html/public_html/ftp_test.php on line 30 -- Edit this bug report at https://bugs.php.net/bug.php?id=47110&edit=1