php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27609 is_writable returns true for file that can not be written to
Submitted: 2004-03-15 15:51 UTC Modified: 2004-03-24 16:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gobzo at netscape dot net Assigned:
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 4.3.5RC3 OS: Windows XP Pro
Private report: No CVE-ID: None
View Developer Edit
 [2004-03-15 15:51 UTC] gobzo at netscape dot net 
Description:
------------
I experience a situation, where Apache runs under the user name, who does not have rights to write to a certain directory. This has been tested and found working: I logged in under that user and received Access denied error trying to save a changed file in this folder.
The problem is that if I call is_writable() against files in that folder (and the folder itself!), it will return true which it utterly wrong. Of course, subsequent writes to the files fail because the files in fact can not be written to, but the scripts do not know about that.
My wild guess would be this is Windows or WinXP related issue, I do not have a Linux box to check, but if needed, I can set it up - just email me.

Reproduce code:
---------------
1. Create a folder 'foo' and file 'bar' in that folder.
2. Create a new user User1 and assign his rights to a folder 'foo' so that his Allow/Write is unchecked.
3. Run Apache under this user.
4. Create ./foo.php with the following code:
<?php
  if (is_writable("bar"))
    echo "Writable";
  else
    echo "Read only";
?>
5. Go with your browser to localhost/foo.php


Expected result:
----------------
Writable

Actual result:
--------------
Read only

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-15 15:53 UTC] gobzo at netscape dot net 
Apology! I mixed up results. They should read:

Expected result:
----------------
Read only

Actual result:
--------------
Writable
 [2004-03-15 23:05 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

And did it work in some previous version of PHP? (which?)
 [2004-03-24 16:19 UTC] gobzo at netscape dot net 
Still the same problem with the latest snapshot.
 [2004-03-24 16:33 UTC] wez@php.net 
microsoft c runtime library only reports the read-only flag from its stat() implementation; if the file is not marked as read-only in the regular file attributes (eg: what you see using attrib or dir commands), then PHP (and any other ANSI C program) will see it as writable.

This is a duplicate of some other bug report (thus marking it as bogus, since you could have searched harder).

Official view on this problem is "wont fix", since we lack the time and inclination to mess with NT security API (it's an ugly beast), but would accept a patch that implements it.
 [2004-04-30 05:52 UTC] quentinjs at canada dot com 
Would be nice if you could add a link to the original one, as I know I can't find what you are refering to.  I've done the "search harder"  :-(

And I've also marked the file in every way possible as READ ONLY and it still says its writable!  the Attribs, the Security stuff, made sure in IIS its also done as well.  So unless there is a secret way, I think I've covered all the basis now.

Cheers,
Quentin
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Nov 24 02:01:28 2024 UTC