Spurious open_basedir warning

10 years ago by Christoph Becker — view source

unread

Hello Internals,

there are several bug reports related to open_basedir and non-existant
files/directories.[1] uramihsayibok's comment on bug #53041 sheds some
light on the issue. A few weeks ago I had a closer look at it, and it
seems that using expand_filepath_with_mode() instead of
expand_filepath() in php_check_specific_open_basedir() would fix the bug
(see my patch[2]).

I am, however, not sure whether that might have security implications.
Could one of the experienced developers please have a look at the issue?
Apparently, the spurious open_basedir warning is confusing, and it's
something that is often encountered.

[1] https://bugs.php.net/bug.php?id=41518
https://bugs.php.net/bug.php?id=44901
https://bugs.php.net/bug.php?id=52065
https://bugs.php.net/bug.php?id=53041
https://bugs.php.net/bug.php?id=64573
https://bugs.php.net/bug.php?id=65211
https://bugs.php.net/bug.php?id=67378
https://bugs.php.net/bug.php?id=69240
[2]
https://bugs.php.net/patch-display.php?bug_id=52065&patch=open-basedir-without-realpath&revision=latest

--
Christoph M. Becker