Opened 12 years ago

Closed 12 years ago

#7323 closed defect (wontfix)

Reopen: open_basedir issue

Reported by: anonymous Owned by: Rob Smith
Priority: minor Milestone: 0.22
Component: Plugin - MythWeb Version: unknown
Severity: medium Keywords:
Cc: Ticket locked: no


Reopened Ticket #7316.

There is an issue with activated open_basedir restriction and apache version 2.2.14. This error is displayed on every page.

Does "open_basedir" really belong to safemode? I use php 5.3 without safemode but I got this error.

Warning at /srv/www/mythweb/classes/Modules.php, line 30:
file_exists(): open_basedir restriction in effect. File(./modules/welcome.php/init.php) is not within the allowed path(s): (/srv/http/:/srv/www/:/home/:/tmp/:/usr/share/pear/:/usr/share/fonts/TTF/)



Warning at /srv/www/mythweb/modules/_shared/tmpl/default/header.php, line 16:
Cannot modify header information - headers already sent by (output started at /srv/www/mythweb/includes/errors.php:148)

Change History (1)

comment:1 Changed 12 years ago by Rob Smith

Resolution: wontfix
Status: newclosed

It's a part of safe mode but it's not governed by the safe mode on/off flag.

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.

The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".

Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.

The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: open_basedir = /dir/incl/

The default is to allow all files to be opened.

Note: See TracTickets for help on using tickets.