1--TEST-- 2Bug #61367: open_basedir bypass in libxml RSHUTDOWN: write test 3--EXTENSIONS-- 4dom 5--INI-- 6open_basedir=. 7--FILE-- 8<?php 9 10class StreamExploiter { 11 public $context; 12 13 public function stream_close ( ) { 14 $doc = new DOMDocument; 15 $doc->appendChild($doc->createTextNode('hello')); 16 var_dump($doc->save(dirname(getcwd()) . '/bad')); 17 } 18 19 public function stream_open ( $path , $mode , $options , &$opened_path ) { 20 return true; 21 } 22} 23 24var_dump(mkdir('test_bug_61367-write')); 25var_dump(mkdir('test_bug_61367-write/base')); 26var_dump(file_put_contents('test_bug_61367-write/bad', 'blah')); 27var_dump(chdir('test_bug_61367-write/base')); 28 29stream_wrapper_register( 'exploit', 'StreamExploiter' ); 30$s = fopen( 'exploit://', 'r' ); 31 32?> 33--CLEAN-- 34<?php 35@unlink('test_bug_61367-write/bad'); 36rmdir('test_bug_61367-write/base'); 37rmdir('test_bug_61367-write'); 38?> 39--EXPECTF-- 40bool(true) 41bool(true) 42int(4) 43bool(true) 44 45Warning: DOMDocument::save(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (.) in %s on line %d 46 47Warning: DOMDocument::save(%s): Failed to open stream: Operation not permitted in %s on line %d 48bool(false) 49
