
Request #14391 Set tmp path and open_basedir
Submitted: 2008-07-23 07:25 UTC
From: lotabi
Assigned:
Status: Wont fix
Package: PEAR (version 1.7.2)
PHP Version: Irrelevant
OS: Linux Debian Etch 2.6.24-1-686-b
Roadmaps: (Not assigned)


 [2008-07-23 07:25 UTC] lotabi (Alessandro De Zorzi)
Description:
------------
Using Spreadsheet_Excel_Writer 0.9.1 beta with safe_mode = On set in php.ini I get this error:

SAFE MODE Restriction in effect. The script whose uid/gid is 10005/10005 is not allowed to access /tmp owned by uid/gid 0/0 in <b>/usr/share/php/System.php</b> on line <b>459</b><br />

I use my custom System.php with only one line changed that presumes each virtual host has a "tmp" dir inside, and all works fine:

#return realpath('/tmp');
return realpath('/mnt/www/'.$_SERVER["SERVER_NAME"].'/tmp');

I use suphp and suhosin in combination with safe_mode = On.

Alessandro De Zorzi

Test script:
---------------
<?php
require_once 'Spreadsheet/Excel/Writer.php';
$workbook = new Spreadsheet_Excel_Writer();
$workbook->send('Report.xls');
$xls =& $workbook->addWorksheet('Report');
$xls->printArea(0,0,17,35);
$xls->write($row,0,'TEST OK',$color);
$workbook->close();
?>

// sending HTTP headers
$workbook->send('Report_'.$report["year"].'-'.$report["month"].'.xls');

// Creating a xls
$xls =& $workbook->addWorksheet('Report '.$report["year"].' '.$report["month"]);
//$xls->setPortrait ();
$xls->setPortrait ();
$xls->printArea(0,0,17,35);

Expected result:
----------------
An XLS file with "TEST OK" in the first cell.

Actual result:
--------------
An XLS file with a PHP Warning inside:

<br /> <b>Warning</b> realpath() [<a href='function.realpath'>function.realpath</a>] SAFE MODE Restriction in effect. The script whose uid/gid is 10005/10005 is not allowed to access /tmp owned by uid/gid 0/0 in <b>/usr/share/php/System.php</b> on line <b>459</b><br />

Comments

 [2008-08-02 16:09 UTC] tias (Tias Guns)
Hi,

I've been chasing a number of open_basedir bugs related to PEAR_Frontend_Web. The behaviour you describe is indeed very annoying, simply including PEAR/Config.php will trigger the warning, even if you have a fully valid config that will be loaded later on.

The current and clumsy way to avoid this error is to putenv a temporary variable before including a file, like Marcel Wiechmann describes in bug #13167.

The correct way for PEAR to fix this is by removing the realpath() call, which is harmless:
1) realpath removes symbolic links etc., but this is unneeded since the path is /tmp
2) realpath fails if the path doesn't exist, however in almost all cases this /tmp directory will not be used: when the PEAR config is loaded, a valid temp path will be set. Even if in some way this tmp path would be used and the /tmp dir wouldn't exist, then on usage an error will be thrown, so the user will be able to behave better and set a valid temp dir in his config.

So in System.php on line 459:
return @realpath('/tmp');
should be changed to
return '/tmp';

Tias
 [2009-02-08 07:36 UTC] dufuz (Helgi Þormar Þorbjörnsson)
What if /tmp is a symbolic link to another directory? Then we would not be catching that case anymore.
 [2009-03-25 04:16 UTC] dufuz (Helgi Þormar Þorbjörnsson)
-Status: Open
+Status: Wont fix
The realpath was added as a fix for people wanting to use symbolic links. People with issues need to set their TMP or TEMP or TMPDIR environment variable, e.g. TMPDIR=/whatever pear
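
An added example (not PEAR's code and not from any commenter in this thread): one way an application can take its temporary directory from TMPDIR, TMP or TEMP and fall back to /tmp only when open_basedir permits it, so the probe itself never raises the restriction warning. It assumes PHP 7.1+, absolute POSIX paths and directory-name matching of open_basedir entries; the function names are hypothetical.

```php
<?php
// Added example, not PEAR code; all function names are hypothetical.
// Normalise an absolute POSIX path lexically, without touching the filesystem.
function normalise_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($out); continue; }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// True if $path lies inside an open_basedir entry (empty setting = unrestricted).
function allowed_by_basedir(string $path, string $openBasedir): bool
{
    if ($openBasedir === '') { return true; }
    $path = normalise_path($path);
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $base) {
        if ($base === '' || $base[0] !== '/') { continue; }
        $base = normalise_path($base);
        if ($base === '/' || $path === $base || strpos($path, $base . '/') === 0) { return true; }
    }
    return false;
}

// First of TMPDIR, TMP, TEMP, then /tmp, that is permitted and a writable directory.
function pick_tmpdir(array $env, string $openBasedir): ?string
{
    $candidates = [];
    foreach (['TMPDIR', 'TMP', 'TEMP'] as $name) {
        if (!empty($env[$name])) { $candidates[] = (string) $env[$name]; }
    }
    $candidates[] = '/tmp';
    foreach ($candidates as $dir) {
        // The filesystem is only probed for paths the policy allows, so no warning fires.
        if ($dir[0] === '/' && allowed_by_basedir($dir, $openBasedir)
            && is_dir($dir) && is_writable($dir)) {
            return normalise_path($dir);
        }
    }
    return null; // caller should report a configuration error instead of guessing
}

// Constructed scenario: a vhost confined to its own tree, with and without TMPDIR set.
$vhost = __DIR__;
var_dump(pick_tmpdir(['TMPDIR' => $vhost], $vhost));
var_dump(pick_tmpdir([], $vhost));
```

The pre-check is lexical only; PHP still resolves symbolic links when it enforces open_basedir, so a permitted path that links outside the allowed tree is still refused at access time. In a real script the arguments would be `getenv()` and `(string) ini_get('open_basedir')`.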