Request #48548 file_exists() returns false on paths using ../ in middle
Submitted: 2009-06-14 16:23 UTC Modified: 2016-01-16 13:57 UTC
Votes:7
Avg. Score:3.7 ± 1.4
Reproduced:5 of 6 (83.3%)
Same Version:2 (40.0%)
Same OS:5 (100.0%)
From: adam at e-nition dot com Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 5.2.9 OS: Linux
Private report: No CVE-ID: None
 [2009-06-14 16:23 UTC] adam at e-nition dot com
Description:
------------
The file_exists() function returns false on files that do exist but use a directory traversal in the path. Not at the start of the path, I mean in the middle of the path. (This type of path works fine on the include function)

Works fine on windows apache2.2.11 php5.2.9



Reproduce code:
---------------
(Example based on a file called 'real_file.php' being placed in a directory called 'real_dir')

$test_path = 'real_dir/fake_dir/../real_file.php';

if (file_exists($test_path)) {
    echo 'File does exist<br />';
    echo (@include($test_path)) ? 'File included' : 'File NOT included';
} else {
    echo 'File does Not exist<br />';
    echo (@include($test_path)) ? 'File included' : 'File NOT included';
}

Expected result:
----------------
File does exist
File included

Actual result:
--------------
File does NOT exist
File included

 [2009-06-16 13:33 UTC] ben at nurfuerspam dot de
This is actually not a bug, as the path cannot be traversed on a filesystem either.
Just try it in any *nix shell for yourself:
When you call "cd fake_dir/../" you'd expect to cut off the fakepath and stay in the same directory, but you'll get a "No such file or directory" error instead as there is no fake_dir that could be resolved.
 [2009-06-16 13:39 UTC] adam at e-nition dot com
I fully understand that as I have tried it, but the include and require functions manage this correctly? Seems a bit silly to be able to include a file with this type of path but not check if it exists?

Also, if this were to work this way both windows and linux setups would match - which is always nice :)

Either way thanks for looking at it.

Adam
 [2010-12-20 13:17 UTC] jani@php.net
-Package: Feature/Change Request +Package: Filesystem function related
 [2016-01-16 13:57 UTC] danack@php.net
-Status: Open +Status: Not a bug
 [2016-01-16 13:57 UTC] danack@php.net
There does not appear to be a bug here. The behaviour is correct for the reported case... and I don't think breaking it on Windows would be appreciated.
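
Added example (not part of the original report and not PHP's own code): the two readings of the reported path that the thread contrasts, collapsing `..` as text versus walking each component on disk as the `cd` example does, followed by an existence check and an include that use the same normalised path. `lexical_normalize()`, `walk_components()` and `demo()` are hypothetical helpers, the sandbox directory is constructed, and symlinks are assumed absent.

```php
<?php
// Added illustration; helper names are hypothetical, not PHP internals.

// Collapse "." and ".." as text only; the filesystem is never consulted.
function lexical_normalize(string $path): string {
    $abs = $path !== '' && $path[0] === '/';
    $out = [];
    foreach (explode('/', $path) as $part) {
        if ($part === '' || $part === '.') continue;
        if ($part !== '..') { $out[] = $part; continue; }
        if ($out && end($out) !== '..') array_pop($out);   // cancel previous component
        elseif (!$abs) $out[] = '..';                       // keep leading ".." on relative paths
    }
    return ($abs ? '/' : '') . implode('/', $out);
}

// Walk left to right like the `cd` example in the thread: every component
// before the last must be an existing directory. Assumes no symlinks.
function walk_components(string $base, string $path): ?string {
    $keep = function ($p) { return $p !== '' && $p !== '.'; };
    $parts = array_values(array_filter(explode('/', $path), $keep));
    $cur = $base;
    foreach ($parts as $i => $part) {
        $cur = $part === '..' ? dirname($cur) : "$cur/$part";
        $ok = $i === count($parts) - 1 ? file_exists($cur) : is_dir($cur);
        if (!$ok) return null;                              // a missing component ends the walk
    }
    return $cur;
}

function demo(): array {
    $base = sys_get_temp_dir() . '/bug48548_' . getmypid(); // constructed sandbox
    mkdir("$base/real_dir", 0700, true);
    file_put_contents("$base/real_dir/real_file.php", "<?php return 'included';");
    $path = 'real_dir/fake_dir/../real_file.php';           // path from the report
    $canon = "$base/" . lexical_normalize($path);
    $result = [
        'lexical'     => lexical_normalize($path),          // textual reading
        'walk'        => walk_components($base, $path),     // on-disk reading
        'file_exists' => file_exists("$base/$path"),        // result depends on OS and build
        // Check and load the same normalised path so both steps agree.
        'include'     => is_file($canon) ? (include $canon) : null,
    ];
    unlink("$base/real_dir/real_file.php");
    rmdir("$base/real_dir");
    rmdir($base);
    return $result;
}
var_export(demo());
```

When a path comes from untrusted input, normalise it once and pass that single result to both the existence check and the include, so the two steps cannot disagree about which file is meant.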
 
Last updated: Tue Apr 23 19:01:31 2024 UTC