php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30259 file_exists() returns false in safe_mode even if file in safe_mode_include_dir
Submitted: 2004-09-27 23:28 UTC Modified: 2004-09-28 15:53 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: php at mbant dot de Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 4.3.9 OS: Debian Woody
Private report: No CVE-ID: None
View Developer Edit
 [2004-09-27 23:28 UTC] php at mbant dot de 
Description:
------------
When safe_mode = on, file_exists() returns false for files not belonging to the same user, even if a file is in safe_mode_include_dir.

notes: 
* this did work with version 4.3.8
* it does not matter if PHP is run as CGI, Apache or CLI.

example: 

--- php.ini ---

safe_mode = On

;[...]
safe_mode_include_dir = ".:/usr/share/php:/usr/local/lib/mbant"

---------------






Reproduce code:
---------------
<?
    $a = file_exists('/usr/share/php/DB.php'); // returns false
?>


Expected result:
----------------
$a will be 'false'.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-27 23:31 UTC] php at mbant dot de 
in 'expected result', $a should of course be actually true, but is not.
 [2004-09-28 15:53 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

As the documentation suggests this directive only allows exclusion for safe_mode checks for include() and require(), regular file operations such as fopen(), copy(), file_exists() and so on, are not affected by this exclusion.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Oct 28 17:00:02 2025 UTC