|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #35512 Lack of read permission on main script results in E_WARNING
Submitted: 2005-12-01 22:40 UTC Modified: 2006-05-17 13:28 UTC
Avg. Score:4.5 ± 0.9
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:0 (0.0%)
From: rdingman at next-online dot net Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.1.1 OS: Mac OS X 10.4.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
36 + 37 = ?
Subscribe to this entry?

 [2005-12-01 22:40 UTC] rdingman at next-online dot net
If I access http://localhost/foo.php and PHP does not have 
permission to read foo.php (say the permissions are 222), I 
get an E_WARNING rather than an E_COMPILE_ERROR (include vs. 
require).  This is in PHP 5.1.1.  I've fixed this in a local 
build by patching zend_execute_scripts in Zend/zend.c on 
line 1079. zend_execute_scripts was calling 
zend_compile_file and passing ZEND_INCLUDE in as the type 
argument rather than passing along its type argument.  The 
old code reads:

EG(active_op_array) = zend_compile_file(file_handle, 

My patched version reads:

EG(active_op_array) = zend_compile_file(file_handle, type 

Because I'm not intimately familiar with the inner workings 
of the interpreter, I'm not sure that this is the best way 
to fix this problem, but it seems like the most appropriate 
place that I could find.

Expected result:
If PHP does not have permission to read the main script, I 
would expect to get an E_COMPILE_ERROR.  The difference is 
treating reading the main script as if it where required 
rather than included.  The main script should be treated as 
if it were required rather than included.

In case you are wondering why I care -- we have a PHP module 
that monitors PHP errors and redirects our customers to a 
customer service page any time that PHP encounters anything 
that the interpreter really shouldn't recover from 
E_USER_ERROR).  The main script not being readable is 
certainly a case where we would like to redirect them to a 
customer service page.  However, having an E_WARNING as the 
error makes it difficult to identify this situation because 
we would now have to distinguish between this E_WARNING and 
any others that might arise in the site.  Having an 
E_COMPILE_ERROR would be much more definitive and more 
correct IMHO.  Yes, we are taking other steps to ensure that 
the permission on the PHP scripts for our site are correct, 
but mistakes do happen and we want to guarantee that our 
customers have as good an experience as possible in the case 
of unexpected errors (as any enterprise site should).

Actual result:
If PHP does not have permission to read the main script, I 
get the following E_WARNING:

Warning: Unknown: failed to open stream: Permission denied 
in Unknown on line 0

Warning: Unknown: Failed opening '/Library/WebServer/
Documents/foo.php' for inclusion (include_path='/usr/local/
lib/php:.') in Unknown on line 0


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-05 19:38 UTC] rdingman at next-online dot net
Changing the category to "Scripting Engine problem" because 
it more accurately reflects the nature of this bug.
 [2005-12-05 20:23 UTC]
Reclassified as "Feature/Change Request" since this isn't bug.
 [2006-05-17 13:28 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 12:01:28 2024 UTC