|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27609 is_writable returns true for file that can not be written to
Submitted: 2004-03-15 15:51 UTC Modified: 2004-03-24 16:33 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gobzo at netscape dot net Assigned:
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 4.3.5RC3 OS: Windows XP Pro
Private report: No CVE-ID:
 [2004-03-15 15:51 UTC] gobzo at netscape dot net
I experience a situation, where Apache runs under the user name, who does not have rights to write to a certain directory. This has been tested and found working: I logged in under that user and received Access denied error trying to save a changed file in this folder.
The problem is that if I call is_writable() against files in that folder (and the folder itself!), it will return true which it utterly wrong. Of course, subsequent writes to the files fail because the files in fact can not be written to, but the scripts do not know about that.
My wild guess would be this is Windows or WinXP related issue, I do not have a Linux box to check, but if needed, I can set it up - just email me.

Reproduce code:
1. Create a folder 'foo' and file 'bar' in that folder.
2. Create a new user User1 and assign his rights to a folder 'foo' so that his Allow/Write is unchecked.
3. Run Apache under this user.
4. Create ./foo.php with the following code:
  if (is_writable("bar"))
    echo "Writable";
    echo "Read only";
5. Go with your browser to localhost/foo.php

Expected result:

Actual result:
Read only


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-15 15:53 UTC] gobzo at netscape dot net
Apology! I mixed up results. They should read:

Expected result:
Read only

Actual result:
 [2004-03-15 23:05 UTC]
Please try using this CVS snapshot:
For Windows:

And did it work in some previous version of PHP? (which?)

 [2004-03-24 16:19 UTC] gobzo at netscape dot net
Still the same problem with the latest snapshot.
 [2004-03-24 16:33 UTC]
microsoft c runtime library only reports the read-only flag from its stat() implementation; if the file is not marked as read-only in the regular file attributes (eg: what you see using attrib or dir commands), then PHP (and any other ANSI C program) will see it as writable.

This is a duplicate of some other bug report (thus marking it as bogus, since you could have searched harder).

Official view on this problem is "wont fix", since we lack the time and inclination to mess with NT security API (it's an ugly beast), but would accept a patch that implements it.

 [2004-04-30 05:52 UTC] quentinjs at canada dot com
Would be nice if you could add a link to the original one, as I know I can't find what you are refering to.  I've done the "search harder"  :-(

And I've also marked the file in every way possible as READ ONLY and it still says its writable!  the Attribs, the Security stuff, made sure in IIS its also done as well.  So unless there is a secret way, I think I've covered all the basis now.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Wed Nov 25 12:01:35 2015 UTC