Opened 15 years ago
Closed 15 years ago
#7323 closed defect (wontfix)
Reopen: open_basedir issue
| Reported by: | anonymous | Owned by: | Rob Smith |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.22 |
| Component: | Plugin - MythWeb | Version: | unknown |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
Reopened Ticket #7316.
There is an issue with activated open_basedir restriction and apache version 2.2.14. This error is displayed on every page.
Does "open_basedir" really belong to safemode? I use php 5.3 without safemode but I got this error.
Warning at /srv/www/mythweb/classes/Modules.php, line 30: file_exists(): open_basedir restriction in effect. File(./modules/welcome.php/init.php) is not within the allowed path(s): (/srv/http/:/srv/www/:/home/:/tmp/:/usr/share/pear/:/usr/share/fonts/TTF/) -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Warning at /srv/www/mythweb/modules/_shared/tmpl/default/header.php, line 16: Cannot modify header information - headers already sent by (output started at /srv/www/mythweb/includes/errors.php:148)
Note: See
TracTickets for help on using
tickets.
It's a part of safe mode but it's not governed by the safe mode on/off flag.
http://www.php.net/manual/en/ini.sect.safe-mode.php
When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: open_basedir = /dir/incl/
The default is to allow all files to be opened.