ExecutableFinder generates wrong Path #19913
Comments
|
I can confirm the issue. Status: Reviewed |
|
@tschechniker Can you please check if |
|
see #20077 |
…es (xabbuh) This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes #20077). Discussion ---------- [Process] silent file operation to avoid open basedir issues | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #19913 | License | MIT | Doc PR | Using file operations on a symlink that points to a file outside the directories being allowed by the open_basedir setting leads to PHP warnings being raised. Commits ------- 30c9b1e silent file operation to avoid open basedir issues
|
@xabbuh Yes /usr/bin/java is a symlink. This is standard on many Linux distros. But i don't see how the symlink will cause this issue. From my oppinion this is a logical issue. So my open_basedir has the following content: open_basedir=/var/www/;/usr/bin/ Now you are itterating over the open_basedir $dirs[0] = "/var/www/" Now you are searching for the executeable: ==> "/usr/bin/".DIRECTORY_SEPARATOR."java"."" So from my side this is not a fault of the symlink |
|
@tschechniker It is as the symlink is pointing to a location outside of your open basedir config. Please note that PHP evaluates the symlink before trying to figure out if the path is allowed:
|
Hi,
the executableFinder is generating a wrong path if you have open_basedir in action.
For example you have installed java in /usr/bin/java and your open_basedir is set to /usr/bin/ the ExecutableFinder will return /usr/bin//java. The problem is that the open_basedir restrictions now say your are not allowed to access /usr/bin//java because of the two slashes.
See: https://github.com/symfony/process/blob/master/ExecutableFinder.php#L82
Best regards
Tobi
The text was updated successfully, but these errors were encountered: