[2006-06-11 10:35 UTC] jr at terragate dot net

Description:
------------
_php_stream_fopen_with_path will try to open files relative 
to / if the given file does not exist in the current working 
directory.

Fix:

http://jr.terragate.net/Public/php/
_php_stream_fopen_with_path.diff

Index: main/streams/plain_wrapper.c
============================================================
=======
RCS file: /repository/php-src/main/streams/plain_wrapper.c,v
retrieving revision 1.52.2.6
diff -u -u -r1.52.2.6 plain_wrapper.c
--- main/streams/plain_wrapper.c        17 Jan 2006 02:32:09 
-0000      1.52.2.6
+++ main/streams/plain_wrapper.c        11 Jun 2006 10:01:11 
-0000
@@ -1316,6 +1316,10 @@
                        *end = '\0';
                        end++;
                }
+               if (*ptr == '\0') {
+                       ptr = end;
+                       continue;
+               }
                snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, 
filename);
 
                if (((options & STREAM_DISABLE_OPEN_BASEDIR) 
== 0) && php_check_
open_basedir_ex(trypath, 0 TSRMLS_CC)) {



Reproduce code:
---------------
<?php 

include 'etc/hosts';

?>

Expected result:
----------------
Warning: include(etc/hosts): failed to open stream: No such 
file or directory in ...


Expected existence checks (include_path=.:):

cwd/etc/hosts
script_execution_path/etc/hosts





Actual result:
--------------
Output of /etc/hosts


Actual existence checks (include_path=.:):

cwd/etc/hosts
/etc/hosts
script_execution_path/etc/hosts

 [2006-09-12 15:49 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.