Posted by kenw232, 01-12-2013, 11:50 PM | Hi, I'm running PHP 5.3.16 on Linux. I have a site that I use open_basedir for in the Apache config. For example:
...
php_admin_value open_basedir "/path1:/path2:/path3"
But when I try to read a local file in this web site with something like $Command = `/bin/cat /path4/file.txt`; it works.
Why does it work? path4 is not in open_basedir. Doing a phpinfo() confirms open_basedir is still only "/path1:/path2:/path3". I'm confused.
|
Posted by kenw232, 01-13-2013, 03:26 AM | I see I have to disable_function = shell_exec. But it still does not work.
This PHP:
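<?php
// Show the disable_functions value that PHP reports
echo "disable_functions: " . ini_get('disable_functions');
echo "
File Output: ";
// The backtick operator is the same call as shell_exec()
$sCMD = `/bin/cat /tmp/test.txt`;
echo $sCMD;
?>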
Outputs This:
disable_functions: system,passthru,exec,popen,proc_close,proc_open,shell_exec,highlight_file,escapeshellcmd,pclose,chgrp,ftp_exec,escapeshellarg,myshellexec,escapeshellarg,dl
File Output:
this is from /tmp/test.txt
Why? Why do the backticks still work if shell_exec and exec are disabled?
|
Posted by BestServerSupport, 01-13-2013, 05:09 AM | Check in the virtualhost settings of the website you are testing with in httpd.conf and check if the following lines exist:
php_admin_value open_basedir "/home/user/:/usr/lib/php:/usr/local/lib/php:/tmp"
|
Posted by kenw232, 01-13-2013, 06:56 AM | No, that does not exist. When I do a $sCMD = `/bin/cat /tmp/test.txt`; open_basedir is ignored for some reason. So I'm trying to do disable_function on shell_exec, which is supposed to turn off backticks like that too. But this doesn't work either; it always executes the /bin/cat /tmp/test.txt if I try to stop it with open_basedir or disable_function = shell_exec.
|
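A diagnostic for the behaviour discussed in this thread, as an added example that is not code from any of the posters: it reads the same file through PHP's own file API and through a child process, and checks whether shell_exec is really blocked or only listed in disable_functions. The path in $probeFile and all function names are assumptions made for the illustration.

```php
<?php
// Added diagnostic, not code from the thread. Run it through the same vhost
// (same SAPI and configuration) as the site being checked.

// Assumption: a readable file OUTSIDE the vhost's open_basedir.
$probeFile = '/tmp/test.txt';

// Names listed in the disable_functions value that ini_get() reports.
function listed_disabled() {
    $raw = (string) ini_get('disable_functions');
    return array_filter(array_map('trim', explode(',', $raw)), 'strlen');
}

// True only if shell_exec() really starts a child process. The backtick
// operator is the same call, so this covers `...` too.
function shell_exec_works() {
    if (!function_exists('shell_exec')) {
        return false; // PHP 8+ removes disabled functions entirely
    }
    $out = @shell_exec('echo probe');
    return is_string($out) && trim($out) === 'probe';
}

// open_basedir is enforced inside PHP's own file functions.
function php_can_read($path) {
    return @file_get_contents($path) !== false;
}

// A child process opens the file itself; PHP's open_basedir check never runs.
function child_can_read($path) {
    // Quote by hand: escapeshellarg() may itself be in disable_functions.
    $arg = "'" . str_replace("'", "'\\''", $path) . "'";
    $out = shell_exec_works() ? @shell_exec("/bin/cat $arg 2>/dev/null") : null;
    return is_string($out) && $out !== '';
}

$listed = in_array('shell_exec', listed_disabled());
$runs   = shell_exec_works();
printf("open_basedir             : %s\n", ini_get('open_basedir'));
printf("shell_exec listed        : %s\n", $listed ? 'yes' : 'no');
printf("shell_exec actually runs : %s\n", $runs ? 'yes' : 'no');
printf("PHP file API reads file  : %s\n", php_can_read($probeFile) ? 'yes' : 'no');
printf("child process reads file : %s\n", child_can_read($probeFile) ? 'yes' : 'no');
if ($listed && $runs) {
    echo "Mismatch: shell_exec is listed as disabled but still runs.\n";
}
```

If the mismatch line prints, check where disable_functions is set: the PHP manual states that the directive must be set in php.ini and cannot be set in httpd.conf.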