From PHP bug 61367:
The libxml RSHUTDOWN function disables the hooks which are used to implement open_basedir. It is possible to run user code after RSHUTDOWN, for example using the stream_close() method of a custom stream wrapper. Such code is able to read arbitrary files via libxml.
The suggested fix is to move the code which disables the hooks to a post-deactivate function. All op arrays are destroyed before post-deactivate, so it is not possible for user code to be executed after post-deactivate.
*** This bug has been marked as a duplicate of bug 169857 ***
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php