Nginx下解决WebShell访问限制问题

王科 2010-06-15

直入主题公布修改方法

wget http://www.php.net/get/php-5.2.10.tar.gz/from/this/mirror
wget http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.13.diff.gz
tar zxvf php-5.2.10.tar.gz
gzip -cd php-5.2.10-fpm-0.5.13.diff.gz | patch -d php-5.2.10 -p1 //如果你用补丁的话先打补丁再改比较妥当,我没检查过补丁有没动这个文件
cd php-5.2.10/
./configure –prefix=/usr/local/php –with-config-file-path=/usr/local/php/etc –with-mysql=/usr/local/mysql –with-mysqli=/usr/local/mysql/bin/mysql_config –with-iconv-dir –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-discard-path –enable-magic-quotes –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –enable-ftp –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –with-mime-magic –enable-suhosin

vi main/fopen_wrappers.c

找到

/* {{{ php_check_open_basedir
*/
PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
{
		/* Only check when open_basedir is available */
		if (PG(open_basedir) && *PG(open_basedir)) {
				char *pathbuf;
				char *ptr;
				char *end;
				// add by anxsoft.com
				char *env_doc_root;
				if(PG(doc_root)){
						env_doc_root = estrdup(PG(doc_root));
				}else{
						env_doc_root = sapi_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC);
				}
				if(env_doc_root){
						int		res_root = php_check_specific_open_basedir(env_doc_root, path TSRMLS_CC);
						efree(env_doc_root);
						if (res_root == 0) {
								return 0;
						}
						if (res_root == -2) {
								errno = EPERM;
								return -1;
						}
				}
				// add by anxsoft.com
				pathbuf = estrdup(PG(open_basedir));
				ptr = pathbuf;
				while (ptr && *ptr) {
						end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
						if (end != NULL) {
								*end = '\0';
								end++;
						}
						if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
								efree(pathbuf);
								return 0;
						}
						ptr = end;
				}
				if (warn) {
						php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
				}
				efree(pathbuf);
				errno = EPERM; /* we deny permission to open it */
				return -1;
		}
		/* Nothing to check... */
		return 0;
}
/* }}} */


两个 add by anxsoft.com 中间的是修改加上去的

然后保存,退出。

make ZEND_EXTRA_LIBS=’-liconv’
make install

php.in的open_basedir配置
open_basedir = “/tmp/:/var/tmp/”

相关推荐