i will have numerous subdirectories eg. /home/a, /home/a/file, /home/a/txt, /home/b, /home/b/file, /home/b/txt, etc.
the subdirectories are created on demand. i need to add all subdirectories to open_basedir.
pls advise how to make open_basedir recognise all subdirectories of a top path?
From http://php.net/manual/en/ini.core.php#ini.open-basedir
The restriction specified with open_basedir is a directory name since PHP 5.2.16 and 5.3.4. Previous versions used it as a prefix. This means that "open_basedir = /dir/incl" also allowed access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: open_basedir = /dir/incl/
/dir/incl/ = only the directory no subdirectories
dir/incl = all subdirectories
If Apache doesn't find some directory within specified path -- upgrading of some php module may fix the problem. I have such problem when used PHP 5.3.15 and eAccelerator which has been installed when I used PHP 5.3.3.
PHP with eAccelerator was unable to include all subdirectories within specified open_basedir, until I upgraded eAccelerator to appropriate version of PHP.
open_basedir means all subdirectories are available, once the basedir is on your include_path. You will of course need to make sure any paths to included files are correct, e.g. If you want something in /home/b/file you'll need to
include('b/file/myfile.php');
Related
I'm currently having an issue trying to upload a file (an image) and sending it to a folder, this for a CMS/blog where people can comment and create profiles with pictures, unfortunately, XAMPP won't allow me to send it and it displays this message
`Warning: move_uploaded_file(../images/ ): failed to open stream: Permission denied in C:\xampp\htdocs\CMS\CMS_TEMPLATE\admin\includes\add_post.php on line 19
Warning: move_uploaded_file(): Unable to move 'C:\xampp\tmp\php37A6.tmp' to '../images/ ' in C:\xampp\htdocs\CMS\CMS_TEMPLATE\admin\includes\add_post.php on line 19
I know is a problem with the permission or privileges to read and change files, but even when I changed those permissions on the folder to let it write and modify files, the error messages still appear, I'm working on windows 8.1 with XAMPP and I haven't found a solution to this, it would be really helpful if anyone could help me. Also here's the code if anyone needs to see it.
<?php
if(isset($_POST['create_post'])) {
$post_title = $_POST['title'];
$post_author = $_POST['author'];
$post_category_id = $_POST['post_category_id'];
$post_status = $_POST['post_status'];
$post_image = $_FILES['post_image']['name'];
$post_image_temp = $_FILES['post_image']['tmp_name'];
$post_tags = $_POST['post_tags'];
$post_content = $_POST['post_content'];
$post_date = date('d-m-y');
$post_comment_count = 4;
move_uploaded_file($post_image_temp, "../images/ " );
}
?>
<div class="form-group">
<input type="file" class="form-control" name="post_image">
</div>
Thank you!
The function move_uploaded_file is available in
(PHP 4 >= 4.0.3, PHP 5, PHP 7, PHP 8)
and in PHP's official documentation defined as following
move_uploaded_file(string $from, string $to): bool:
This function checks to ensure that the file designated by from is a
valid upload file (meaning that it was uploaded via PHP's HTTP POST
upload mechanism). If the file is valid, it will be moved to the
filename given by to. This sort of check is especially important if
there is any chance that anything done with uploaded files could
reveal their contents to the user, or even to other users on the same
system.
This function is open_basedir aware. However, restrictions are
placed only on the to path as to allow the moving of uploaded files in
which from may conflict with such restrictions. move_uploaded_file()
ensures the safety of this operation by allowing only those files
uploaded through PHP to be moved.
Return Values
This functon returns true on success.
1. If from is not a valid upload file
Then no action will occur, and move_uploaded_file(...) will return false.
2. If from is a valid upload file, but cannot be moved for some reason
Then no action will occur, and move_uploaded_file(...) will return false. Additionally, a warning will be issued (#MiguelDavid your case).
Referring to open_basedir string
Limit the files that can be accessed by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to access the filesystem, for example using include, or fopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to access it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
open_basedir can affect more than just filesystem functions; for example if MySQL is configured to use mysqlnd drivers, LOAD DATA INFILE will be affected by open_basedir. Much of the extended functionality of PHP uses open_basedir in this way.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is a directory name, not a prefix. The default is to allow all files to be opened.
open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set(). When listing several directories, you can use the PATH_SEPARATOR constant as a separator regardless of the operating system.
Also take a look at upload_tmp_dir string
The temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as. If not specified PHP will use the system's default.
If the directory specified here is not writable, PHP falls back to the system default temporary directory. If open_basedir is on, then the system default directory must be allowed for an upload to succeed.
In your case xampp temporary directory is located:
C:\xampp\tmp and it,s also writable, so nothing to do there!
... To fix your issue / finish ...
Now that function move_uploaded_file is open_dir aware as already mentioned, give the directory for your images the appropriate owner permissions (e.g.: 0755):
../images/
This will get you out of the issue!
According to Dan Delaney on https://www.php.net/manual/en/function.move-uploaded-file.php#86332 you might need to set the "upload_tmp_dir" to an existing directory within you websites directory structure, since you are running on Windows.
Search for "upload_tmp_dir" in your php.ini file and set it to a path pointing to an existing directory:
upload_tmp_dir = "path_to_your_custom_tmp_dir"
I use open_basedir with the ini_set function. I want to restrict it to a specific directory like this
__DIR__ . '/my_directory';
So like this it works! I can't include the parent folder with this include
include "../parent/my_file.php";
But if I use this
include include __DIR__ . '../parent/my_file.php';
I can access to the parent folder despite I have an open_basedir active.
When I get all included files I can see my parent folder included like this :
"/my_directory/../parent/my_file.php
So I think PHP understands them like a folder and don't see that it's the parent folder. I am right?
Do you know if there is a solution to this problem? Because I need to restrict the include to my specific folder and I don't want to go higher in the hierarchy.
PS. I'm a newbie on SO. I hope it was understandable!
Thanks in advance!
Even when specifying open_base_dir in PHP, there is several commands that can bypass this if they are enabled (like system() )
You should make sure that your Apache (or other webserver) configuration also limits the user to a certain root.
The default open_basedir restrictions for shared Linux hosting accounts have no value. PHP scripts can access all directories within your hosting account.
If your apache config has:
php_admin_value open_basedir "/var/www/vhosts/httpdocs"
than this will override you php settings.
Please create a file to check phpinfo like this and verify what the setting is there:
<?php
phpinfo();
?>
I have a VPS using FastCGI (WHM/cPanel). As I understand it, open_basedir must be set using a php.ini file in each user's /home/ directory (E.g.: setting it globally in apache config file will not work).
I want to use open_basedir for improved security, as I recently had a hack that involved traversing through different user's directories
I have added this value to a home directory's php.ini file:
open_basedir = /home/USERNAME/public_html:/usr/lib/php:/usr/local/lib/php:/tmp
What I want to know is, is there a way to test that this is functioning properly? Presumably I would want to try and execute a .php file in another user's directory from within that first user...however I don't know of a good way to test this. Any suggestions would be greatly appreciated.
Try listing the contents of a different user's public_html folder:
<?php
print_r(shell_exec('ls /home/$anotheruser/public_html/'));
?>
If open_basedir is configured properly, you will see a directory listing for that folder.
Running PHP 5.3.1 on a Windows server, I have to modify a PHP script to access XML files on a network share. For various reasons the files cannot be placed on the PHP server, and I am not allowed to create a mapped drive on the PHP server so I have to modify the open_basedir parameter in PHP.ini to include the UNC path to the share, e.g.:
open_basedir = "E:\inetpub\;E:\DB_HubDataFiles\;\\stdmfps01\inter-departements$\CVSC-CDT-Estimation-Cedule\"
However when I try to access files on the share I get the "open_basedir restriction in effect" error. I am trying to access the files as follows:
$jobfilename = "//stdmfps01/inter-departements$/CVSC-CDT-Estimation-Cedule/" .$job . ".xml";
if (file_exists($jobfilename)) {
$jobxml = simplexml_load_file($jobfilename);
etc...
I have been assured that it is not a problem of rights, and anyway the error indicates a problem with open_basedir. So my questions are:
does open_basedir handle UNC paths under Windows (I have seen conflicting statements about this)?
if so is there some problem with my syntax?
do I have other options than using open_basedir?
Thanks.
Anyway, here's what ended up working for me, even if I am not totally clear why:
In php.ini changed the open_basedir parameter to use the IP address instead of the server name, and used the parent directory of the directory where my files are located, instead of the directory itself:
\\\nnn.nnn.nnn.nnn\inter-departements$\
instead of:
\\servername\inter-departements$\CVSC-CDT-Estimation-Cedule\
In the PHP script used the IP address as well:
$jobfile = "//nnn.nnn.nnn.nnn/inter-departements$/CVSC-CDT-Estimation-Cedule/" . ($jobid) . ".xml";
This worked for me: Replace the backslashes with slashes
open_basedir = "E:\inetpub\;E:\DB_HubDataFiles\;//stdmfps01/inter-departements$/CVSC-CDT-Estimation-Cedule/"
I have a project where Red5 is recording videos. I need PHP to be able to access the videos and move them so they can be accessed by HTML.
How can I do this?
I found this post: Accessing files outside the document root with Apache
But it involves updating some file that was never specified. And I'm not sure it is a viable solution in this case anyway.
lee
PHP by default can already access files outside the web root, unless restricted with an open_basedir directive (or safe mode, but hope you're not in that cage).
It's normally a good practice to insert within a VirtualHost configuration an open_basedir restriction. You can specify multiple directories separated by : on Linux and ; on windows.
php_admin_value open_basedir /var/www/s/stage:/usr/share/php:/your/dir
To access those files either use an absolute path or a path relative to the position of the PHP file called. (So you'll have to ../ to reach levels above).
Also be sure that directories in which you want to write to are assigned to the webserver user and have write permission.