I have a file called generator.php that uses fwrite() to create a result.php on the server (Apache, PHP4).
One of the lines in result.php is a PHP include() statement.
So, in generator.php:
if (!is_file($fname)){
$resultfile = fopen($current_path . "/" . $fname, "w+");
}
fwrite($resultfile, '<?php include($_SERVER["DOCUMENT_ROOT"] . "'. '/inc/footer.php"); ?>' . "\n");
fclose($resultfile);
chmod($current_path . "/" . $fname, 0755);
And in result.php:
<h2>Sponsored Links</h2>
<!-- begin sidebar_top ad -->
<?php echo $_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php" . "<hr />";
include($_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php"); ?>
<!-- end sidebar_top ad -->
But that include() statement doesn't work when I visit result.php in a browser. The echo statement does, so I know the path is correct.
Another test.php with the same code, which I uploaded using FTP into the same folder, works fine.
The code is the same in both files, when recovered via FTP.
In test.php: (works, echoes and includes correctly.)
<?php
echo $_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php" . "<hr />";
include($_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php");
?>
Any idea why the include() is working in test.php (created manually) and not in result.php (created using fwrite()), when both are in the same folder?
The only differences I know of between the files:
result.php be created by user nobody?)
0775, while the ones created using fwrite() (include not working) had 664, and is chmoded by the generator.php to 0775.
test.php file was edited on a Mac with Smultron and uploaded via FTP, while result.php was created by fwrite() in generator.php on Linux, called from a browser.

When PHP4 safe mode is on, the result.php, being written by another uid, cannot access the included file, which belongs to another uid.
SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access /var/www/vhosts/example.com/httpdocs/ads/sidebar_top.php owned by uid 10010 in /var/www/vhosts/example.com/httpdocs/results/result.php on line 130
I resolved this by opening php.ini and changing to safe_mode_gid = On, and adding my includes directory to safe_mode_include_dir.
I also had to restart Apache to let the changes take effect.
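
The ownership rule behind the error above, modelled as an added example (not code from the original post), in Python so it can be run from an admin shell outside the restricted PHP process. The uids 48 and 10010 and the paths come from the error message; the gids and all function names are constructed for illustration.

```python
import os

def safe_mode_allows(script_owner, target_owner, target_path,
                     safe_mode_gid=False, include_prefixes=()):
    """Model PHP 4 safe mode's include check; owners are (uid, gid) pairs.

    Returns (allowed, reason).
    """
    # safe_mode_include_dir entries are string prefixes, not directories:
    # "/x/ads" also matches "/x/ads_old/", so end entries with a slash.
    for prefix in include_prefixes:
        if prefix and target_path.startswith(prefix):
            return True, "under safe_mode_include_dir prefix " + prefix
    if script_owner[0] == target_owner[0]:
        return True, "same owner uid %d" % target_owner[0]
    # safe_mode_gid = On relaxes the uid comparison to a gid comparison.
    if safe_mode_gid and script_owner[1] == target_owner[1]:
        return True, "safe_mode_gid on, same gid %d" % target_owner[1]
    return False, "script uid %d may not access file owned by uid %d" % (
        script_owner[0], target_owner[0])

def check_paths(script, target, **settings):
    """Same check against real files, e.g. run as root from a shell."""
    s, t = os.stat(script), os.stat(target)
    return safe_mode_allows((s.st_uid, s.st_gid), (t.st_uid, t.st_gid),
                            os.path.realpath(target), **settings)

# Constructed sample: uids and paths come from the error message above,
# the gids are made up for illustration.
ROOT = "/var/www/vhosts/example.com/httpdocs"
GENERATED = (48, 48)       # result.php, written by the web server user
UPLOADED = (10010, 2524)   # sidebar_top.php, uploaded over FTP
TARGET = ROOT + "/ads/sidebar_top.php"

if __name__ == "__main__":
    cases = [
        ("defaults", {}),
        ("safe_mode_gid only", {"safe_mode_gid": True}),
        ("include dir set", {"include_prefixes": [ROOT + "/ads/"]}),
    ]
    for label, settings in cases:
        print(label, "->", safe_mode_allows(GENERATED, UPLOADED, TARGET, **settings))
```

With these constructed gids, safe_mode_gid alone still blocks the include because the two files share neither uid nor gid; the safe_mode_include_dir entry is what lets it through, and it bypasses the ownership check for every path that starts with that prefix.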