php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #74411 SplFileInfo::getRealPath() returns false if containing folder is unreadable
Submitted: 2017-04-11 08:18 UTC Modified: 2021-10-04 15:26 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: miklcct at gmail dot com Assigned: cmb (profile)
Status: Duplicate Package: Filesystem function related
PHP Version: 7.1.3 OS: Windows 10
Private report: No CVE-ID: None
View Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
39 - 34 = ?
Subscribe to this entry?

 
 [2017-04-11 08:18 UTC] miklcct at gmail dot com 
Description:
------------
On Windows, SplFileInfo::getRealPath() returns false if the containing folder is not readable even if the file itself is readable. This breaks in typical usage scenario where a SplFileInfo object is constructed using an uploaded file in temporary folder on Windows because the temporary folder in Windows is not readable by default, but creating files are allowed inside.

To reproduce, follow the below steps:
1. Make directory C:\dir
2. Make file C:\dir\file and put some text inside
3. Run the script, ensure that the second var_dump returns the path
4. Add an NTFS permission entry on C:\dir saying "deny everyone on this folder only advanced permission list folder / read data"
5. Run the script again


Test script:
---------------
<?php
$path = 'C:\dir\file';
$file = new SplFileInfo($path);
var_dump(file_get_contents($path));
var_dump($file);
var_dump($file->getRealPath());

Expected result:
----------------
Output similar to the below on both runs:

M:\splfileinfo_bug.php:4:
string(5) "test
"
M:\splfileinfo_bug.php:5:
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"
}
M:\splfileinfo_bug.php:6:
string(11) "C:\dir\file"

Actual result:
--------------
After denying permission, the script outputs:

M:\splfileinfo_bug.php:4:
string(5) "test
"
M:\splfileinfo_bug.php:5:
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"
}
M:\splfileinfo_bug.php:6:
bool(false)

Note that the file is readable but SplFileInfo::getRealPath() returns false.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-11 13:51 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem
 [2017-04-11 13:51 UTC] cmb@php.net 
It seems to me that is rather a documentation issue, as for
realpath() it is already noted[1] that:

| The running script must have executable permissions on all
| directories in the hierarchy, otherwise realpath() will return
| FALSE.

[1] <http://php.net/manual/en/function.realpath.php#refsect1-function.realpath-returnvalues>
 [2017-04-11 14:02 UTC] miklcct at gmail dot com 
I don't think it is a documentation issue, because
1. I'm using SplFileInfo, not bare functions. What the bare functions do is completely irrelevant to me.

2. Even it replicates the behaviour of that function, I have only denied the list content (read) permission but not traverse folder (execute) permission.
 [2017-05-02 17:44 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-05-02 17:44 UTC] ab@php.net 
What are the exact ACLs on the folder and the file?

Thanks.
 [2017-05-08 04:14 UTC] miklcct at gmail dot com
-Status: Feedback +Status: Open
 [2017-05-08 04:14 UTC] miklcct at gmail dot com 
Folder permission:
All but list folder / read data

File permission:
Full control
 [2021-10-04 15:26 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2021-10-04 15:26 UTC] cmb@php.net 
> I'm using SplFileInfo, not bare functions. What the bare
> functions do is completely irrelevant to me.

Both use the same underlying implementation.

> Folder permission:
> All but list folder / read data

But these are required[1].  That might be something we want to
change in the future, but shouldn't in a a stable version.

So, basically, this is a duplicate of bug #43817.

[1] <https://bugs.php.net/bug.php?id=43817#1632409714>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 13:00:01 2025 UTC