php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #32286 "safe-mode" needs some better docs..
Submitted: 2005-03-12 04:41 UTC Modified: 2005-04-21 12:23 UTC
From: joe dot knall at gmx dot net Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.3.10 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2005-03-12 04:41 UTC] joe dot knall at gmx dot net 
Description:
------------
file_exists() returns FALSE but file exists, is in include_path, open_basedir and safe_mode_include_dir;
only happens when safe_mode=On (not so when safe_mode=Off);
anyways file can be used with include/require;
relative or absolute path and ownership doesn't matter;
same problem with is_readable();

'./configure' '--prefix=/php' '--infodir=/usr/share/info' '--mandir=/usr/local/man' '--disable-cgi' '--disable-cli' '--disable-ipv6' '--disable-pear' '--disable-short-tags' '--enable-safe-mode' '--with-apxs2=/apache/bin/apxs' '--with-config-file-path=/apache/conf' '--with-mysql=/mysql' '--with-zlib-dir'

pear is installed manually;
may be a feature, but smarty works that way and I don't know where else to report this (internals/core.assemble_plugin_filepath.php, line 33)

Reproduce code:
---------------
test script: (/www/htdocs/test.php)
<?php
$file = '/php/lib/php/file.php';
echo file_exists("$file") ? 'ok' : 'nok';
// echo is_readable("$file") ? 'ok' : 'nok';
echo "<br />\n";
include "$file";
?>

file.php:
<?php echo "here I am"; ?>

Expected result:
----------------
If file can be included it should exist, isn't it? So output should be:
ok
here I am

Actual result:
--------------
nok
here I am

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-14 01:17 UTC] sniper@php.net 
As what user you run that script? And what does this output:

# ls -l /php/lib/php/file.php
 [2005-03-15 23:53 UTC] joe dot knall at gmx dot net 
> ownership doesn't matter;
ownership does matter!
if /php/lib/php/file.php is owned by webmaster:webmaster it works, otherwise the result is as stated;
THANK YOU, I'm sorry; I mixed it up during all the testing somehow:(

but still it's irritating and not logical from the user's point of view;
in my special case (Smarty, in /php/lib/php/Smarty) the files are owned by root:root; ok, this could be handled with the safe_mode_gid option and setting those file's ownership to root:webmaster (as far as I understand by now) ...
still I think, if a file can be included it should exist;

for me this case is closed by now; if you think this behaviour with safe mode is as intended please set the status to closed and _add_a_sentence_to_the_docu_
thank you
 [2005-04-06 08:43 UTC] philip@php.net 
Looks like some comments got deleted...what was the problem and what do you feel needs documented exactly?
 [2005-04-14 00:06 UTC] joe dot knall at gmx dot net 
Apparently there was nothing deleted;
as stated this issue is closed for me, sniper switched it to "Documentation problem".
The actual problem was/is:
it's irritating and not logical from the user's point of
view that when save_mode=ON file_exists($file) returns FALSE if $file is not owned by the user who owns the script that executs file_exists($file) - but at the same time $file can be used with include/require. This is not clear from the docs.

I added a comment to the user contributed notes at file_exists() saying
"if safe_mode=ON and $file (in safe_mode_include_dir) is not owned by the user who executes file_exists($file), file_exists returns FALSE but still $file can be included;
I could handle this by setting safe_mode_gid=On and appropriate group-ownership"

... and would appreciate a hint like this as part of the official documentation.
That's all, thank you
 [2005-04-14 00:23 UTC] joe dot knall at gmx dot net 
By the way, shouldn't it better be impossible to include a file that doesn't exist? I consider it rather a bug than a docu problem.
 [2005-04-21 12:23 UTC] vrana@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

\"This function returns FALSE for files inaccessible due to safe mode retrictions. However these files still can be included if they are located in safe_mode_include_dir.\"
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 16 22:01:31 2024 UTC