Calling the Pear Mail class in some instances automatically attempts to read /dev/urandom, however access is restricted due to an open_basedir setting. Is it safe to add /dev to open_basedir? Or is there a better way around this?
...
For my web hosting panel, users need to be blocked from accessing files outside their own directory (/var/www/u/s/username). I tried to use this line in httpd.conf to prevent people from going up a directory.
php_admin_value open_basedir .:/usr/lib/php5
But in php.ini, it seems to have no effect. What am I doing wrong?
...
It's PHP question.
I set open_basedir, and it is not more possible for access for the folder in the hierarchy of the bottom even if I make it accessible for a specific directory.
For example, when it was the directory of the hierarchy that said /home/user1/test/example/
open_basedir=.: /home/user1/test/
When I set the file arrang...
I've recently gotten an error when I deployed an application. It used "is_readable" on a path within the include path, but one that was restricted by "open_basedir". This gave me a fatal error.
Is there another function that I could use to see if a file is includable, before actually including it?
Edit: this works, but how do I detect...
We have several vhosts that all include files from another vhost so in the httpd.conf we have added
php_admin_value open_basedir "..........:/home/commonfi"
I was wondering whether I could add something to the commonfi vhost setup to allow any site to access the files without having to specify /home/commonfi in the open_basedir for e...
Reviewing logfiles to figure out why my site was down a few days ago, I found hundreds of lines like these (partially redacted with "x"):
[Fri Nov 27 23:14:36 2009] [error]
[client xxx.xxx.xxx.xxx] PHP Warning:
require_once(): open_basedir
restriction in effect.
File(/var/www/xxx/xxx.php) is not
within the allowed path(s):
...
I'm getting this error when avatars are being uploaded on my site. I've changed "open_basedir = /home/" to "open_basedir =" in my php.ini on my server. It's a dedicated server and I rebooted it after making the adjustment.
Warning: is_writable() [function.is-writable]: open_basedir restriction in effect. File(/) is not within the allo...
As you know. You have to write open_basedir = '/var/home' etc
I want to write like this: open_basedir = '/var/home/*/'
Which i want is php should restrict every directory which is in home directory, for every different directories.
Short question: How can i write open_basedir like this: open_basedir = 'var/home/*/'?
Thank you very mu...
In my server (cpanel) I see now that with a simple DIR script (PHP) I can list files of all users over public_html
/home/[user]/public_html/
How can I prevent users from accessing the files of other users?
...
In the perpetual pursuit of security, I've been applying an open_basedir restriction to my Debian hosting with PHP 5.2.6.
I'm sometimes getting errors like: File(/var/www/remos/access-logs) is not within the allowed path(s): (/var/www)
Or if the open_basedir is changed to have a slash on the end: File(/var/www/remos/access-logs) is not...
Hey,
I have a php file (currently at / ) and I want this file to change the content of a file, "test.js".
This file is in the dir "/libs/js/test.js". While I can read the content, for example with fread or file_get_contents, I can not write in it with file_put_contents or any other function.
I always get the Warning
Warning: rename...
Hello,
On my server, I have following setting:
open_basedir
/home/
:/usr/lib/php
:/usr/local/lib/php
:/tmp/
:/usr/local/
:/usr/bin
Now, I am little bit confused about ending / in the / home / setting, does that mean that all subfolders inside home have same rights? or does it mean that only home files can...
I want to return the value of open_basedir in a php script.. how can I do it?
If value is blank it should echo that is blank..
Thanks!
...
Hi
I've came across on this problem, I have a sever running apache and php. We have many virtual hosts but we've noticed that a potentially malicious user could use his web space to browse other user's files(via a simple php script) and even system files, this could happens due to the php permissions.
A way to avoid it is to set the open...
open_basedir restriction in effect. File(/var/www/vhosts/domain.com) is not within the allowed path(s): (/var/www/vhosts/domain.com/httpdocs:/tmp)
How do I securely fix this? This is preventing me from listing and creating directories outside of the current directory. What I mean by securely is that I don't want to remove a piece of co...
Hi guys,
I've got some PHP code that'll create a new file in a set directory:
$target_path = "reports/" . basename($Report_Filename) . ".php";
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { /* code here */ }
It was working perfectly, and has done for some years now, unfortunately we've just moved across t...
A user on my site and I are going to be developing a new web app. Id like to create a folder that we can work in without the fear that he could read outside that folder potentially reading config files etc.
Is there a way to create a sandboxed area that would prevent the user from including outside that folder - while still keeping the ...
Short story:
I'm getting an open_basedir restriction in my php script - a simple "test writing a new file to disk" script. It SEEMS to me that I've got the open_basedir settings correct and the file is in the right location - but no luck, just the same error every time. I've searched for similar open_basedir problems on this site, but...