php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #35512 Lack of read permission on main script results in E_WARNING
Submitted: 2005-12-01 22:40 UTC Modified: 2006-05-17 13:28 UTC
Votes:4
Avg. Score:4.5 ± 0.9
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:0 (0.0%)
From: rdingman at next-online dot net Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.1.1 OS: Mac OS X 10.4.3
Private report: No CVE-ID:
 [2005-12-01 22:40 UTC] rdingman at next-online dot net
Description:
------------
If I access http://localhost/foo.php and PHP does not have 
permission to read foo.php (say the permissions are 222), I 
get an E_WARNING rather than an E_COMPILE_ERROR (include vs. 
require).  This is in PHP 5.1.1.  I've fixed this in a local 
build by patching zend_execute_scripts in Zend/zend.c on 
line 1079. zend_execute_scripts was calling 
zend_compile_file and passing ZEND_INCLUDE in as the type 
argument rather than passing along its type argument.  The 
old code reads:

EG(active_op_array) = zend_compile_file(file_handle, 
ZEND_INCLUDE TSRMLS_CC);

My patched version reads:

EG(active_op_array) = zend_compile_file(file_handle, type 
TSRMLS_CC);

Because I'm not intimately familiar with the inner workings 
of the interpreter, I'm not sure that this is the best way 
to fix this problem, but it seems like the most appropriate 
place that I could find.

Expected result:
----------------
If PHP does not have permission to read the main script, I 
would expect to get an E_COMPILE_ERROR.  The difference is 
treating reading the main script as if it where required 
rather than included.  The main script should be treated as 
if it were required rather than included.

In case you are wondering why I care -- we have a PHP module 
that monitors PHP errors and redirects our customers to a 
customer service page any time that PHP encounters anything 
that the interpreter really shouldn't recover from 
(E_CORE_ERROR, E_ERROR, E_PARSE, E_COMPILE_ERROR and 
E_USER_ERROR).  The main script not being readable is 
certainly a case where we would like to redirect them to a 
customer service page.  However, having an E_WARNING as the 
error makes it difficult to identify this situation because 
we would now have to distinguish between this E_WARNING and 
any others that might arise in the site.  Having an 
E_COMPILE_ERROR would be much more definitive and more 
correct IMHO.  Yes, we are taking other steps to ensure that 
the permission on the PHP scripts for our site are correct, 
but mistakes do happen and we want to guarantee that our 
customers have as good an experience as possible in the case 
of unexpected errors (as any enterprise site should).

Actual result:
--------------
If PHP does not have permission to read the main script, I 
get the following E_WARNING:

Warning: Unknown: failed to open stream: Permission denied 
in Unknown on line 0

Warning: Unknown: Failed opening '/Library/WebServer/
Documents/foo.php' for inclusion (include_path='/usr/local/
lib/php:.') in Unknown on line 0

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-05 19:38 UTC] rdingman at next-online dot net
Changing the category to "Scripting Engine problem" because 
it more accurately reflects the nature of this bug.
 [2005-12-05 20:23 UTC] sniper@php.net
Reclassified as "Feature/Change Request" since this isn't bug.
 [2006-05-17 13:28 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 19:02:15 2014 UTC