Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:46996
Return-Path: <konference@kukulich.cz>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 32617 invoked from network); 15 Feb 2010 20:48:24 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Feb 2010 20:48:24 -0000
Authentication-Results: pb1.pair.com header.from=konference@kukulich.cz; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=konference@kukulich.cz; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kukulich.cz from 195.122.208.215 cause and error)
X-PHP-List-Original-Sender: konference@kukulich.cz
X-Host-Fingerprint: 195.122.208.215 kajo.jyxo.com  
Received: from [195.122.208.215] ([195.122.208.215:48868] helo=mail1.jyxo.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 87/F3-08117-513B97B4 for <internals@lists.php.net>; Mon, 15 Feb 2010 15:48:22 -0500
Received: from [192.168.2.22] (unknown [193.86.150.242])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail1.jyxo.com (Postfix) with ESMTPSA id D4EE980B3;
	Mon, 15 Feb 2010 21:48:22 +0100 (CET)
Message-ID: <4B79B311.9030200@kukulich.cz>
Date: Mon, 15 Feb 2010 21:48:17 +0100
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: Pierre Joye <pierre.php@gmail.com>
CC: internals@lists.php.net
References: <16.63.50402.0BF397B4@pb1.pair.com>	 <b54d0abe1002150728x52bfbb19hcb0dae4d30e9edfa@mail.gmail.com>	 <fe05d1541002150744q73c08eb0j5c59db49279c64a9@mail.gmail.com>	 <4B79A085.4020304@kukulich.cz> <fe05d1541002151237s32563e82h98315b7c45d3ab15@mail.gmail.com>
In-Reply-To: <fe05d1541002151237s32563e82h98315b7c45d3ab15@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Bug #50751
From: konference@kukulich.cz (=?ISO-8859-2?Q?Jaroslav_Hansl=EDk?=)

It didn't work before (tested only on windows).

<?php

ini_set('open_basedir', 'C:/');
session_save_path('file:///C:/Test');

?>

Warning: session_save_path(): open_basedir restriction in effect. 
File(file:///C:/Test) is not within the allowed path(s): (C:/) in 
C:\bug.php on line 4

Jaroslav Hanslik


Dne 15.2.2010 21:37, Pierre Joye napsal(a):
> hi,
>
> I was wondering if it worked before when "file:///somet/path" was used
>
> or if it did not, should we support it, to be consistent with what
> your patch allows (with tcp, but I can imagine other protocols at some
> point).
>
> Cheers,
>
> 2010/2/15 Jaroslav Hanslik<konference@kukulich.cz>:
>> I don't think it's supposed to work with file://. I get the same error.
>>
>> I know 4 types of session handlers:
>>
>> 1) files - save_path should be file system path
>> 2) user - save_path could be anything
>> 3) memcache - save_path uses format tcp://host:port
>> (http://cz.php.net/manual/en/memcache.ini.php#ini.memcache.save-path)
>> 4) memcached - uses format hostname:port
>> (http://cz.php.net/manual/en/memcached.sessions.php)
>>
>> So I think that save_path should be treated as file system path only if the
>> handler is "files". And that is what the patch does.
>>
>> Test script:
>>
>> <?php
>>
>> ini_set('open_basedir', 'C:/');
>> ini_set('session.save_handler', 'memcache');
>> session_save_path('tcp://localhost:11211');
>>
>> ?>
>>
>> Without patch:
>>
>> Warning: session_save_path(): open_basedir restriction in effect.
>> File(tcp://localhost:11211) is not within the allowed path(s): (C:/) in
>> C:\bug.php on line 5
>>
>> With patch:
>>
>> No warning and session works.
>>
>>
>> Jaroslav Hanslik
>>
>>
>> Dne 15.2.2010 16:44, Pierre Joye napsal(a):
>>>
>>> hi,
>>>
>>> Is it supposed to work with file:// URI as well? If yes, the patch may
>>> break this feature.
>>>
>>> It would be also nice to add a test case if possible.
>>>
>>> Cheers,
>>>
>>> On Mon, Feb 15, 2010 at 4:28 PM, Ferenc Kovacs<tyra3l@gmail.com>    wrote:
>>>>
>>>> If this is an expected behavior then I think it should be noted here:
>>>> http://www.php.net/manual/en/transports.inet.php
>>>>
>>>> Tyrael
>>>>
>>>> 2010/2/15 Jaroslav Hanslik<konference@kukulich.cz>:
>>>>>
>>>>> Hi,
>>>>>
>>>>> my bug report http://bugs.php.net/bug.php?id=50751 was marked as bogus
>>>>> but I
>>>>> still think it's a bug. The session.save_path is treated as file system
>>>>> path
>>>>> even if I use memcache as session.save_handler. Here is my patch
>>>>> http://temp.kukulich.cz/session_save_path_checked_only_if_files.txt
>>>>> (against
>>>>> PHP 5.3.1). Maybe it would be clearer what I mean. If I'm wrong, please
>>>>> someone expain me why.
>>>>>
>>>>> Jaroslav Hanslik
>>>>>
>>>>> --
>>>>> PHP Internals - PHP Runtime Development Mailing List
>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>
>>>>>
>>>>
>>>> --
>>>> PHP Internals - PHP Runtime Development Mailing List
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>