Red Hat Bugzilla – Bug 103079
Included files do not respect safe mode directive
Last modified: 2007-04-18 12:57:08 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208
Description of problem:
The "include" directive does not respect safe_mode constraints.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. activate safe_mode
2. create a user php file with the content
<?php include("/etc/passwd") ?>
3. point your browser at it
Actual Results: You see the content of /etc/passwd
Expected Results: You should get an error complaining about safe mode being in
It seems that the problem is already known:
A further test shows that this bug only applies to absolute path includes.
<? include "../../../etc/passwd"; ?>
fails as it should, while
<? include "/etc/passwd"; ?>
includes the file. The problem certainly lies in function "php_fopen_with_path",
inside "main/fopen_wrappers.c"; as soon as I have time, I will try and track it
down more closely.
Forgive me for the fuss I've made... no bug in PHP, simply my /etc/php.ini which
had the line
safe_mode_include_dir = /usr/share/pear:
with the ending colon... this caused every path to match.
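
The misconfiguration described in the last comment, as an added example that is not part of the original bug report or PHP's own code: a small Python audit that flags empty entries in a colon-separated safe_mode_include_dir value. The prefix-matching function is a simplified model assumed from the reporter's description, not PHP's source, and all function names and the sample php.ini text are constructed for illustration.

```python
import re

# Directives audited here; the bug report concerns safe_mode_include_dir only.
PATH_LIST_DIRECTIVES = ("safe_mode_include_dir",)

# Constructed sample php.ini fragments (not taken from a real system).
SAMPLE_BAD = "safe_mode = On\nsafe_mode_include_dir = /usr/share/pear:\n"
SAMPLE_GOOD = "safe_mode = On\nsafe_mode_include_dir = /usr/share/pear\n"


def split_entries(value, sep=":"):
    """Split a path-list value on the separator, keeping empty entries."""
    value = value.strip().strip('"')
    return value.split(sep) if value else []


def prefix_exempt(path, value):
    """Simplified model (assumption): a path is exempt from the safe mode
    check when any list entry is a string prefix of it. An empty entry is
    a prefix of every path, so one stray colon exempts everything."""
    return any(path.startswith(entry) for entry in split_entries(value))


def audit_ini(text):
    """Return (line_no, directive, value) for path lists with an empty entry."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split(";", 1)[0]  # drop php.ini comments
        m = re.match(r"\s*([\w.]+)\s*=\s*(.*)$", line)
        if not m or m.group(1) not in PATH_LIST_DIRECTIVES:
            continue
        value = m.group(2).strip()
        if "" in split_entries(value):  # leading, trailing or doubled colon
            findings.append((no, m.group(1), value))
    return findings


if __name__ == "__main__":
    for no, name, value in audit_ini(SAMPLE_BAD):
        print(f"line {no}: {name} = {value!r} contains an empty entry")
    for value in ("/usr/share/pear:", "/usr/share/pear"):
        print(value, "-> /etc/passwd exempt:", prefix_exempt("/etc/passwd", value))
```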