php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27609 is_writable returns true for file that can not be written to
Submitted: 2004-03-15 15:51 UTC Modified: 2004-03-24 16:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gobzo at netscape dot net Assigned:
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 4.3.5RC3 OS: Windows XP Pro
Private report: No CVE-ID:
 [2004-03-15 15:51 UTC] gobzo at netscape dot net
Description:
------------
I experience a situation, where Apache runs under the user name, who does not have rights to write to a certain directory. This has been tested and found working: I logged in under that user and received Access denied error trying to save a changed file in this folder.
The problem is that if I call is_writable() against files in that folder (and the folder itself!), it will return true which it utterly wrong. Of course, subsequent writes to the files fail because the files in fact can not be written to, but the scripts do not know about that.
My wild guess would be this is Windows or WinXP related issue, I do not have a Linux box to check, but if needed, I can set it up - just email me.

Reproduce code:
---------------
1. Create a folder 'foo' and file 'bar' in that folder.
2. Create a new user User1 and assign his rights to a folder 'foo' so that his Allow/Write is unchecked.
3. Run Apache under this user.
4. Create ./foo.php with the following code:
<?php
  if (is_writable("bar"))
    echo "Writable";
  else
    echo "Read only";
?>
5. Go with your browser to localhost/foo.php


Expected result:
----------------
Writable

Actual result:
--------------
Read only

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-15 15:53 UTC] gobzo at netscape dot net
Apology! I mixed up results. They should read:

Expected result:
----------------
Read only

Actual result:
--------------
Writable
 [2004-03-15 23:05 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

And did it work in some previous version of PHP? (which?)

 [2004-03-24 16:19 UTC] gobzo at netscape dot net
Still the same problem with the latest snapshot.
 [2004-03-24 16:33 UTC] wez@php.net
microsoft c runtime library only reports the read-only flag from its stat() implementation; if the file is not marked as read-only in the regular file attributes (eg: what you see using attrib or dir commands), then PHP (and any other ANSI C program) will see it as writable.

This is a duplicate of some other bug report (thus marking it as bogus, since you could have searched harder).

Official view on this problem is "wont fix", since we lack the time and inclination to mess with NT security API (it's an ugly beast), but would accept a patch that implements it.

 [2004-04-30 05:52 UTC] quentinjs at canada dot com
Would be nice if you could add a link to the original one, as I know I can't find what you are refering to.  I've done the "search harder"  :-(

And I've also marked the file in every way possible as READ ONLY and it still says its writable!  the Attribs, the Security stuff, made sure in IIS its also done as well.  So unless there is a secret way, I think I've covered all the basis now.

Cheers,
Quentin
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 07:02:14 2014 UTC