9

I'm getting the following warning when using PHPass (http://www.openwall.com/phpass/):

open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s)

Although this is not a big problem (it will fall back on something else), I'd like not to have this warning. The PHP application should run on different servers; some users will be able to add that path to their allowed open_basedir paths, but others won't have access to that configuration.

My first guess was to check readability with is_readable(), however, I'm still getting the warning.

The question: How do I check if a certain path or file has been added to the open_basedir paths?

T.S.

3 Answers

3

You can read the value of PHP directives with the ini_get() function:

ini_get('open_basedir')

If the directive's not empty, it should contain a string with one or more paths separated by PATH_SEPARATOR.

Álvaro González
  • What do you suggest as far as checking if a file path is within the allowed ones? – Wesley Murch Jan 29 '14 at 09:50
  • About the open_basedir value, quote from PHP doc: Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. – Linblow Jan 29 '14 at 09:51
  • @Linblow just use `PATH_SEPARATOR` and you have no worries. – Wesley Murch Jan 29 '14 at 09:51
  • I'll use this, but I hoped for a simpler way. This still requires quite a bit of code to check whether the path is in there. Imagine a very deep directory (e.g., /a/b/c/d/e/f/g/), you'd have to check for every parent directory as well... – T.S. Jan 29 '14 at 10:10
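
Added example (not from the answers on this page): one way to do the check the comments ask for, comparing a path lexically against each entry of ini_get('open_basedir') so that no filesystem call is made and no warning is raised. The function names normalizePath() and isWithinOpenBasedir() and the sample value are made up for illustration; the code assumes each entry names a directory whose whole subtree is allowed, and it does not resolve symlinks, so PHP's own check can still come out differently.

```php
<?php
// Added example: lexical pre-check of a path against open_basedir.
// Symlinks are not resolved, so PHP's own check can still disagree.

/** Make $path absolute and collapse ".", ".." and repeated separators. */
function normalizePath(string $path): string
{
    $path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
    // Relative paths (including a "." entry) are taken from the working directory.
    if (!preg_match('#^(/|[A-Za-z]:/)#', $path)) {
        $path = str_replace(DIRECTORY_SEPARATOR, '/', (string) getcwd()) . '/' . $path;
    }
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

/** True if $path is the same as, or below, one of the open_basedir entries. */
function isWithinOpenBasedir(string $path, ?string $openBasedir = null): bool
{
    $openBasedir = $openBasedir ?? (string) ini_get('open_basedir');
    if ($openBasedir === '') {
        return true; // directive not set: no restriction
    }
    $target = normalizePath($path) . '/';
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $entry) {
        // Compare on a separator boundary so /var/www/app does not match /var/www/app-old.
        if ($entry !== '' && strpos($target, rtrim(normalizePath($entry), '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample value, not taken from any real server.
$sample = '/var/www/app' . PATH_SEPARATOR . '/tmp/';
foreach (['/dev/urandom', '/var/www/app/a/b/c/d/e/f/g/', '/var/www/app-old/x', '/tmp/../etc/passwd'] as $p) {
    printf("%-30s %s\n", $p, isWithinOpenBasedir($p, $sample) ? 'allowed' : 'restricted');
}
```

Because the comparison is a single prefix test on the normalized path, a deep directory needs no per-parent loop.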
1

You can use is_readable and disable the warning for this function with a @.

If is_readable returns false then you know that it's not readable.

// $path is a placeholder for the file you want to test
$readable = @is_readable($path);
if (!$readable) {
    // ... not readable
}
Maarkoize
  • May not matter to the OP, but: this will suppress errors other than "open_basedir restriction in effect" (such as not having read rights, not finding the file, etc.) – Wesley Murch Jan 29 '14 at 09:53
  • Oh are you sure? I thought that all errors and warnings will be disabled by the @ – Maarkoize Jan 29 '14 at 09:56
  • This was indeed the first thing I tried, but for some reason the warning still showed up. – T.S. Jan 29 '14 at 10:10
  • @MarcelBalzer Right, it suppresses all errors. It only matters if you want to know what the error was (in case it was not an open_basedir error). Just thought I'd mention it for consideration. T.S. How exactly are you using this? Because it *should* work. – Wesley Murch Jan 29 '14 at 12:23
  • In my tests @is_readable still throws an exception when open_basedir() is effective. – andig Oct 20 '15 at 11:20
1

file_exists emits a warning if the directory is restricted. Let's use it:

function isRestricted($path)
{
    // Default error handler is required
    set_error_handler(null);

    // Clear the last error info. In PHP 7 you can use error_clear_last() instead.
    @trigger_error('__clean_error_info');

    // Testing...
    @file_exists($path);

    // Restore previous error handler
    restore_error_handler();

    // Return `true` if an error has occurred
    return ($error = error_get_last()) && $error['message'] !== '__clean_error_info';
}
Finesse