PHP :: Bug #30259 :: file_exists() returns false in safe_mode even if file in safe_mode_include

Bug #30259

file_exists() returns false in safe_mode even if file in safe_mode_include_dir

Submitted:

2004-09-27 23:28 UTC

Modified:

2004-09-28 15:53 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

php at mbant dot de

Assigned:

Status:

Not a bug

Package:

Filesystem function related

PHP Version:

4.3.9

OS:

Debian Woody

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	php at mbant dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-09-27 23:28 UTC] php at mbant dot de

Description:
------------
When safe_mode = on, file_exists() returns false for files not belonging to the same user, even if a file is in safe_mode_include_dir.

notes: 
* this did work with version 4.3.8
* it does not matter if PHP is run as CGI, Apache or CLI.

example: 

--- php.ini ---

safe_mode = On

;[...]
safe_mode_include_dir = ".:/usr/share/php:/usr/local/lib/mbant"

---------------






Reproduce code:
---------------
<?
    $a = file_exists('/usr/share/php/DB.php'); // returns false
?>


Expected result:
----------------
$a will be 'false'.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-09-27 23:31 UTC] php at mbant dot de

in 'expected result', $a should of course be actually true, but is not.

[2004-09-28 15:53 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

As the documentation suggests this directive only allows exclusion for safe_mode checks for include() and require(), regular file operations such as fopen(), copy(), file_exists() and so on, are not affected by this exclusion.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 07:01:31 2024 UTC