[Process] Also check PATH in ExecutableFinder if open_basedir is set#57954
[Process] Also check PATH in ExecutableFinder if open_basedir is set#57954fritzmg wants to merge 2 commits intosymfony:5.4from
PATH in ExecutableFinder if open_basedir is set#57954Conversation
|
Thanks for the nice explanations. |
Unfortunately I am on Windows and execution of these tests are excluded on Windows 🙈. Thus I did not investigate how the tests would need to be adjusted 🤔 |
|
I think a proper fix would be to instead use the configured open basedir to ignore the directories defined in |
That's already the case with the current code. |
|
@fritzmg no. in your PR, you search in PATH even if it is outside the open_basedir restriction, because you don't filter the list |
|
Closing in favor of #58291 |
…sedir (BlackbitDevs) This PR was merged into the 5.4 branch. Discussion ---------- [Process] Fix finding executables independently of open_basedir | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | - | License | MIT This backports #47422 to 5.4, which is a bugfix really. Instead of #58008 and #57954 /cc `@xabbuh` `@fritzmg` Commits ------- 4424763 [Process] Fix finding executables independently of open_basedir
The current version of the
ExecutableFinderonly checks the paths in theopen_basedirwhen set. However, this will cause theExecutableFindernot find the executable in question if it is in a subfolder of one of theopen_basedirpaths.For example the environment might be configured as follows:
PATH=/usr/binopen_basedir=/usrIn this case the
ExecutableFinderonly checks the/usrfolder and won't find the binaries in/usr/bin, even though the PHP process would be allowed to access/usr/bin, as theopen_basedirrestriction allows access to subfolders.This PR fixes that by always adding the paths from
PATHto the directories to be checked.Note: this is not an issue in Symfony 6.4+. The
open_basedirlogic does not exist there and thus that problem does not exist there.