 |
 |
Find a programming school near you
php-developer-list | 2001041
Date: 04/13/01
- Next message: Zeev Suraski: "Re: [PHP-DEV] Same mysql link when calling mysql_connect a second time with same arguments"
- Previous message: Wez Furlong: "Re: [PHP-DEV] GD 2.0.1 and FreeType 2"
- Next in thread: php-bugrep <email protected>: "[PHP-DEV] PHP 4.0 Bug #10322 Updated: Logical error in fopen-wrappers.c"
- Maybe reply: php-bugrep <email protected>: "[PHP-DEV] PHP 4.0 Bug #10322 Updated: Logical error in fopen-wrappers.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ID: 10322
User Update by: php-bugrep <email protected>
Status: Open
Bug Type: PHP options/info functions
Description: Logical error in fopen-wrappers.c
I thought, while I'm here, I'd submit a patch to fix this.
The patch also includes support for an additional special case in php.ini's open_basedir.
The current "." allows scripts to access files in the same directory as the script.
"DOCUMENT_ROOT" allows a script to access any other file in the virtualhost's directory tree. DOCUMENT_ROOT is calculated by PATH_TRANSLATED and removing SCRIPT_URI from the end - This conveniently works for both full Apache Virtalhosts and mod_aliased Mass virtual hosting (I don't know if this is true for the newer mod_vhost - just check what PATH_TRANSLATED and SCRIPT_URI is set to in phpinfo() - if removing the latter from the former is the sites docroot then you are away).
Anyway, the patch: code shamelessly copied from the "." segment :)
*** main/fopen-wrappers.c.orig Fri Apr 13 17:50:02 2001
--- main/fopen-wrappers.c Sat Apr 14 01:46:28 2001
***************
*** 141,151 ****
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
int local_open_basedir_pos;
SLS_FETCH();
/* Special case basedir==".": Use script-directory */
! if ((strcmp(PG(open_basedir), ".") == 0) &&
SG(request_info).path_translated &&
*SG(request_info).path_translated
) {
--- 141,167 ----
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+ char *local_open_request_uri;
int local_open_basedir_pos;
SLS_FETCH();
+ /* Special case basedir="DOCUMENT_ROOT": Restrict to directory of the
+ * virtualhost itself as calculated by PATH_TRANSLATED - SCRIPT_URI
+ * php <email protected>
+ */
+ if ((strcmp(basedir, "DOCUMENT_ROOT") == 0) &&
+ SG(request_info).path_translated &&
+ *SG(request_info).path_translated ) {
+ /* Copy path_translated to local_open_basedir, the look in
+ this string for where request_uri starts and zero that byte
+ thus leaving local_open_basedir set to the virtualhost's
+ DOCUMENT_ROOT */
+ strlcpy(local_open_basedir, SG(request_info).path_translated, si
zeof(local_open_basedir));
+ local_open_request_uri=strstr(local_open_basedir,SG(request_info
).request_uri);
+ if (local_open_request_uri) *local_open_request_uri = '\0';
+ } else
/* Special case basedir==".": Use script-directory */
! if ((strcmp(basedir, ".") == 0) &&
SG(request_info).path_translated &&
*SG(request_info).path_translated
) {
(I realise cut-n-paste into this window will convert all the nice TABS to spaces, so a patch < this file isn't going to be as clean).
I'd really appreciate this being included in the next patchlevel / release as I'd guess that anyone already using "." will want this.
Paul.
Previous Comments:
---------------------------------------------------------------------------
[2001-04-13 18:52:07] php-bugrep <email protected>
In main/fopen_wrappers.c I see that there is a function:
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path PLS_DC)
However "basedir" is never used in this function at all,
only PG(open_basedir).
Surely this negates the point of the function being called individually for each tokenised entry on open_basedir/php.ini? I think it will only match, ever, on the first entry in the config file.
So, should all references to PG(open_basedir) in php_check_specific_open_basedir() be replaced with the arg basedir ?
Thanks,
Paul Gregg
(Hacking in support for DOCUMENT_ROOT as another "specical case")
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=10322
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Zeev Suraski: "Re: [PHP-DEV] Same mysql link when calling mysql_connect a second time with same arguments"
- Previous message: Wez Furlong: "Re: [PHP-DEV] GD 2.0.1 and FreeType 2"
- Next in thread: php-bugrep <email protected>: "[PHP-DEV] PHP 4.0 Bug #10322 Updated: Logical error in fopen-wrappers.c"
- Maybe reply: php-bugrep <email protected>: "[PHP-DEV] PHP 4.0 Bug #10322 Updated: Logical error in fopen-wrappers.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
