Stupid open_basedir handling in PHP

Posted by ads' corner on Tuesday, 2008-04-29
Posted in [Php][Stupid]

I have an application which has to run on different webservers (or to be more specific on servers with a different directory layout). On one servers the php files are in /usr/home, the next one is using /www, the third one /var/www and last but not least my laptop has the files in my home directory which is under /home.

No problem - or?

Since we want a bit of security, we have open_basedir activated. Now the script has to check if a specific directory exists. I added this directory name to the open_basedir settings on all webservers. But surprise PHP tries to be intelligent. On servers where the specific directory does not exist, PHP removes the directory name from the open_basedir directory list (note: this cost another stat() call on startup).

You imagine what comes next? Now the is_dir() call on this server fails, because of an open_basedir restriction in effect error.


Categories: [Php] [Stupid]
Tags: [Php] [Stupid] [Webserver]