Logged In: YES
user_id=210714
Originator: NO

Sorry but I don't get your point. You are reporting this as a phpMyAdmin bug because the warning was displayed?

Logged In: YES
user_id=1312539
Originator: NO

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

Logged In: YES
user_id=1923365
Originator: NO

Hi lem9

I want to give feedback to this ticket - I'm helping with the isp-control ispcp project and we came across this issue again in the forum.
I don't know why the OP didn't answer ...

The issue
condition:
open_basdir restriction set, eg: "/var/www/ispcp/gui/"
and the following settings in pma :
$cfg['UploadDir'] = '/var/www/ispcp/gui/phptmp';
$cfg['SaveDir'] = '/var/www/ispcp/gui/phptmp';
appearance:
when clicking on Import in phpMyAdmin, eg: /pma/db_import.php
consequence:
a php warning is issued (log file or displayed if enabled):

[27-Oct-2007 12:10:23] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: open_basedir restriction in effect. File(/var/www/ispcp/gui/phptmp/..) is not within the allowed path(s): (/var/www/ispcp/gui/:...) in /var/www/ispcp/gui/tools/pma/libraries/file_listing.php on line 24

The relevant function in libraries/file_listing.php:

function PMA_getDirContent($dir, $expression = '')
{
user_error($dir. ' - '. $expression);
if ($handle = @opendir($dir)) {
$result = array();
if (substr($dir, -1) != '/') {
$dir .= '/';
}
while ($file = @readdir($handle)) {
if (is_file($dir . $file) && ($expression == '' || preg_match($expression, $file))) {
$result[] = $file;
}
}
@closedir($handle);
asort($result);
return $result;
} else {
return FALSE;
}
}

line 24 is the one with "is_file(...)".

The problem: alle directory entries of the given directory are proved with "is_file" - also the entry ".."
but this is forbidden by the open_basedire restriction.
Now, I just noticed: if I set "/var/www/ispcp/gui" instead of "/var/www/ispcp/gui/" then the warning is not issued - this seems to be a php issue...

But only in out situation...
If open_basedir is set to the same directory as the upload folder, then a warning will be issued anyway

Conclusion:
The entry ".." should be excluded from the "is_file" check... see below...

Thanx
Christian

while ($file = @readdir($handle)) {
if (($file != '..') && is_file($dir . $file) && ($expression == '' || preg_match($expression, $file))) {
$result[] = $file;
}
}

Logged In: YES
user_id=210714
Originator: NO

Christian,
I cannot reproduce this problem with PHP 5.2.4.
Which PHP version are you using?
Are you running with an additional security layer like Suhosin?

Anyway, reading the documentation for open_basedir, the message you get does not make sense because /var/www/ispcp/gui/phptmp/.. is within the allowed path /var/www/ispcp/gui/

Logged In: YES
user_id=1923365
Originator: NO

Hi Marc

I'll investigate more on this.
I use debian etch, so php 5.2.0-8... suhosin is enabled.

I'll do more checks and try to find out where's the problem.
I'll come back here :-)

Christian

Logged In: YES
user_id=1923365
Originator: NO

ok

I set suhosin.simulation = On so this should be ok

Following setting:
php.ini:
open_basedir = "/var/www/ispcp/gui:/tmp/"
pma-config:
$cfg['UploadDir'] = '/tmp';

-> Warnings
[13-Nov-2007 01:47:45] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: open_basedir restriction in effect. File(/tmp/..) is not within the allowed path(s): (/var/www/ispcp/gui:/tmp/) in /var/www/ispcp/gui/tools/pma/libraries/file_listing.php on line 24
[13-Nov-2007 01:47:45] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: open_basedir restriction in effect. File(/tmp/.) is not within the allowed path(s): (/var/www/ispcp/gui:/tmp/) in /var/www/ispcp/gui/tools/pma/libraries/file_listing.php on line 24

with:
$cfg['UploadDir'] = '/tmp/a';

-> Warning:
[13-Nov-2007 01:49:56] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: open_basedir restriction in effect. File(/tmp/a/..) is not within the allowed path(s): (/var/www/ispcp/gui:/tmp/) in /var/www/ispcp/gui/tools/pma/libraries/file_listing.php on line 24

So - maybe this is a php bug (with is_file) but at least the warning could be prevented in pma by checking for ".." and "." before running is_file on it.

I run "original PHP" from debian etch: "PHP 5.2.0-8+etch7 (cli) (built: Jul 2 2007 21:46:15)"
With fastcgi/suexec...

You're right lem9 - the file is within the open_basedir - I'm also wondering...

maybe I have to write a proof of concept - but then it's a php bug in is_file...

Cheers Christian

Logged In: YES
user_id=1923365
Originator: NO

Hi again

if you cannopt reproduce it - it's maybe a fixed bug:

http://bugs.php.net/bug.php?id=41518

5.2.4 must be the first PHP version where it's fixed - maybe someone could confirm this???

Thanx,
Christian

Logged In: YES
user_id=1923365
Originator: NO

Hi

I just got the message that the Warning is not issued with PHP 5.2.5.
So I really think it's caused by the already fixed PHP Bug 41518

But - nevertheless I recommend to change the mentioned line so also some older PHP version don't throw a warning in such situations...

Cheers
Christian

Logged In: YES
user_id=210714
Originator: NO

Fixed in subversion, thanks for reporting.

Logged In: YES
user_id=1923365
Originator: NO

Hi Marc

I think you should also test on '.', as I wrote on "2007-11-13 01:58" - in our program (ispcp) only the '..' is relevant but in other configurations also '.' should be excluded from is_file...

But thanks anyway - looking forward to the next release :-)

Christian

25 // for PHP < 5.2.4, is_file() gives a warning when using open_basedir
26 // and opening '..'
27 if ('.' != $file && '..' != $file && is_file($dir . $file) && ($expression == '' || preg_match($expression, $file))) {
28 $result[] = $file;
29 }

Logged In: YES
user_id=210714
Originator: NO

Hi Christian,
now done.