5.1.4. Open Basedir

5.1.4.1. 机制实现

PHP中Disable Function的实现是在php-src/main/fopen-wrappers.c中,实现方式是在调用文件等相关操作时调用函数根据路径来检查是否在basedir内,其中一部分实现代码如下:

  1. PHPAPI int php_check_open_basedir_ex(const char *path, int warn)
  2. {
  3.     /* Only check when open_basedir is available */
  4.     if (PG(open_basedir) && *PG(open_basedir)) {
  5.         char *pathbuf;
  6.         char *ptr;
  7.         char *end;
  8.  
  9.         /* Check if the path is too long so we can give a more useful error
  10.         * message. */
  11.         if (strlen(path) > (MAXPATHLEN - 1)) {
  12.             php_error_docref(NULL, E_WARNING, "File name is longer than the maximum allowed path length on this platform (%d): %s", MAXPATHLEN, path);
  13.             errno = EINVAL;
  14.             return -1;
  15.         }
  16.  
  17.         pathbuf = estrdup(PG(open_basedir));
  18.  
  19.         ptr = pathbuf;
  20.  
  21.         while (ptr && *ptr) {
  22.             end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
  23.             if (end != NULL) {
  24.                 *end = '\0';
  25.                 end++;
  26.             }
  27.  
  28.             if (php_check_specific_open_basedir(ptr, path) == 0) {
  29.                 efree(pathbuf);
  30.                 return 0;
  31.             }
  32.  
  33.             ptr = end;
  34.         }
  35.         if (warn) {
  36.             php_error_docref(NULL, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
  37.         }
  38.         efree(pathbuf);
  39.         errno = EPERM; /* we deny permission to open it */
  40.         return -1;
  41.     }
  42.  
  43.     /* Nothing to check... */
  44.     return 0;
  45. }