PHP :: Bug #65211 :: file_exists() warns of open_basedir on existing file mis-used as directory

Bug #65211

file_exists() warns of open_basedir on existing file mis-used as directory

Submitted:

2013-07-05 17:05 UTC

Modified:

2015-06-04 14:56 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

paolo at schiro dot it

Assigned:

cmb (profile)

Status:

Duplicate

Package:

Safe Mode/open_basedir

PHP Version:

Irrelevant

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	paolo at schiro dot it
New email:
PHP Version:		OS:

New Comment:

[2013-07-05 17:05 UTC] paolo at schiro dot it

Description:
------------
When open_basedir set file_exists() raise an open_basedir warning 
when checking a path which permitted by open_basedir but includes 
an existent file misused as directory.


Test script:
---------------
//create a file
$fhandle = fopen('existing-file-which-is-not-dir.txt', 'w');

//throw your mind away and use it as a directory
if (is_file('existing-file-which-is-not-dir.txt/test.html')) {
        print "File exists";
} else {
        print "File does not exist";
}

//show the error
print_r(error_get_last());

Expected result:
----------------
is_file should return a FALSE and you should read "File does not exist".

Actual result:
--------------
In addition to "File does not exist", you'll get a warning that 
open_basedir restriction is in effect:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-19 18:05 UTC] mail+php at requinix dot net

Duplicate of
- bug 52065 "Warning about open_basedir restriction while accessing a file as 
directory"
- bug 53041 "is_file() and open_basedir" closed to due no feedback (@pajoye: yes)

tl;dr: bug is not about open_basedir itself but rather some code being unable to 
access the file (rightly so) and the calling code assuming the failure is because 
of open_basedir.

[2014-05-07 19:28 UTC] info at ihead dot ru

File functions produce warning if argument is a path which starts with existing file.

<?
touch('./index.php');
ini_set('open_basedir', '.');
var_dump(file_exists('./index.php/.section.php'));
?>

Expected result: 
bool(false)

Actual result: 
Warning: file_exists(): open_basedir restriction in effect. File(./index.php/.section.php) is not within the allowed path(s): (.) in ***/1.php on line 4
bool(false)

OS FreeBSD.
PHP 5.3, 5.4 affected.
PHP 5.2 not affected.

[2014-06-04 07:17 UTC] requinix@php.net

Related To: Bug #67378

[2015-06-04 14:56 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2015-06-04 14:56 UTC] cmb@php.net

This is a duplicate of bug #52065.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Nov 24 21:01:35 2024 UTC