php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39351 require and include fails to open file in current directory
Submitted: 2006-11-02 22:38 UTC Modified: 2007-04-03 20:21 UTC
Votes:32
Avg. Score:4.7 ± 0.6
Reproduced:31 of 31 (100.0%)
Same Version:28 (90.3%)
Same OS:15 (48.4%)
From: lampiluoto at gmail dot com Assigned:
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.2.0 OS: Solaris10
Private report: No CVE-ID:
 [2006-11-02 22:38 UTC] lampiluoto at gmail dot com
Description:
------------
I upgraded to PHP 5.2.0 on Solaris 10 (amd64). Executing PHP code failed and produced errors as any require() or include() with relative path fails. With absolute path it's ok.

The same code in same environment works fine on PHP 5.1.6.

Reason might be that on Solaris getcwd() does not return current working directory unless user has read privileges from root directory to the current dir. Has something changed in 5.2.0 ?

User running httpd does not have read privileges to every directory in Apache HTTPd's DocumentRoot path - it has only execute (x) privilege to part of the directories.
 

Reproduce code:
---------------
// this fails on 5.2.0 but works fine on 5.1.6
require('config.php');

// this works also on 5.2.0 
require('/absolute/path/to/config.php');

Expected result:
----------------
File config.inc should be read successfully. This require('config.php') works fine on PHP 5.1.6 but after upgrading to 5.2.0 on same environment, it does not.

Actual result:
--------------
// with relative path
[Fri Nov 03 00:13:15 2006] [error] [client x.x.x.x] PHP Warning:  require(config.php) [<a href='function.require'>function.require</a>]: failed to open stream: No such file or directory in /path/to/index.php on line 3, referer: http://mysite/index.php

[Fri Nov 03 00:13:15 2006] [error] [client x.x.x.x] PHP Fatal error:  require() [<a href='function.require'>function.require</a>]: Failed opening required 'config.php' (include_path='.:/opt/httpd/php5/lib/php') in /path/to/index.php on line 3, referer: http://mysite/index.php


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-11 22:57 UTC] rasmus@php.net
Would it be possible for you to get us an strace or truss of a 5.1.6 relative include and the same for a 5.2.0 one?  I don't remember any getcwd() changes, but it sounds like there must have been one somewhere.
 [2006-11-12 19:17 UTC] lampiluoto at gmail dot com
Here is part of the truss output, I can provide the whole output if needed. After failing getcwd() 5.2.0 tries to open file with wrong path.

#
# PHP-5.1.6
#

662:    stat("./inc/config.php", 0xFFFFFD7FFFDFDEE0)    = 0
662:    resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
662:    getcwd(0xFFFFFD7FFFDFD160, 1024)                Err#13 EACCES [file_dac_read]
662:    stat("./inc/config.php", 0xFFFFFD7FFFDFDE00)    = 0
662:    getcwd(0xFFFFFD7FFFDFDA10, 1024)                Err#13 EACCES [file_dac_read]
662:    resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
662:    getcwd(0xFFFFFD7FFFDFCCE0, 1024)                Err#13 EACCES [file_dac_read]
662:    open("./inc/config.php", O_RDONLY)              = 17
662:    fstat(17, 0x00783920)                           = 0
662:    lseek(17, 0, SEEK_CUR)                          = 0
662:    read(17, " < ? p h p\n\n     / /  ".., 8192)    = 1572
662:    read(17, 0x0077F258, 8192)                      = 0
662:    read(17, 0x0077F258, 8192)                      = 0
662:    close(17)                                       = 0
662:    time()                                          = 1163357246

#
# PHP-5.2.0
# 

17703:  stat("./inc/config.php", 0xFFFFFD7FFFDFDFB0)    = 0
17703:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
17703:  getcwd(0xFFFFFD7FFFDFD230, 1024)                Err#13 EACCES [file_dac_read]
17703:  stat("./inc/config.php", 0xFFFFFD7FFFDFDED0)    = 0
17703:  getcwd(0xFFFFFD7FFFDFDAE0, 1024)                Err#13 EACCES [file_dac_read]
17703:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
17703:  getcwd(0xFFFFFD7FFFDFCDE0, 1024)                Err#13 EACCES [file_dac_read]
17703:  open("/inc/config.php", O_RDONLY)               Err#2 ENOENT
17703:  open("/data/logs/httpd/error_log-php", O_WRONLY|O_APPEND|O_CREAT,0666) = 17
17703:  lseek(17, 0, SEEK_END)                          = 0
17703:  time()                                          = 1163358385
17703:  fstat(17, 0xFFFFFD7FFFDFC880)                   = 0
17703:  fstat(17, 0xFFFFFD7FFFDFC7D0)                   = 0
17703:  ioctl(17, TCGETA, 0xFFFFFD7FFFDFC840)           Err#25 ENOTTY
17703:  write(17, " [ 1 2 - N o v - 2 0 0 6".., 224)    = 224
17703:  close(17)                                       = 0
 [2006-11-15 12:42 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-11-15 13:30 UTC] lampiluoto at gmail dot com
Here's truss output with php5.2-200611151130.

There seems to be changes for stat()'ing the 
file and though it fixes the first 
include('inc/config.php') it causes problems 
later on. 

Including func_prepare.php is with absolute path 
in PHP code and then including db_interface.php 
is with relative path. Just for testing ;)

I have --prefix=/opt/httpd/dev-installation/php5 for 
configuring PHP and it even tries to stat() files 
from there. Result is failing includes. Truss 
output differs quite a lot from 5.1.6.

#
# php5.2-200611151130
#

25255:  stat("./inc/config.php", 0xFFFFFD7FFFDFDF70)    = 0
25255:  getcwd(0xFFFFFD7FFFDFD200, 1024)                Err#13 EACCES [file_dac_read]
25255:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
25255:  getcwd(0xFFFFFD7FFFDFC500, 1024)                Err#13 EACCES [file_dac_read]
25255:  stat("^B", 0xFFFFFD7FFFDFDE90)                  Err#2 ENOENT
25255:  stat("/opt/httpd/dev-installation/php5/lib/php/inc/config.php",0xFFFFFD7FFFDFDF70) Err#2 ENOENT
25255:  stat("/data/sites/www.mysite.example/dev-html/inc/config.php",0xFFFFFD7FFFDFDF70) = 0
25255:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/config.php", "/data/sites/www.mysite.example/dev-html/inc/config.php", 1024) = 54
25255:  stat("/data/sites/www.mysite.example/dev-html/inc/config.php", 0xFFFFFD7FFFDFDE90) = 0
25255:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/config.php", "/data/sites/www.mysite.example/dev-html/inc/config.php", 1024) = 54
25255:  open("/data/sites/www.mysite.example/dev-html/inc/config.php",O_RDONLY) = 17
25255:  fstat(17, 0x007BCA68)                           = 0
25255:  read(17, " < ? p h p\n\n     / /  ".., 8192)    = 1572
25255:  read(17, 0x007BCD10, 8192)                      = 0
25255:  close(17)                                       = 0
25255:  time()                                          = 1163596213
25255:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
25255:  stat("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php",0xFFFFFD7FFFDFDE60) = 0
25255:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
25255:  open("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php",O_RDONLY) = 17
25255:  fstat(17, 0x007BCA68)                           = 0
25255:  read(17, " < ? p h p\n\n     / /\n".., 8192)    = 1171
25255:  read(17, 0x007C1000, 8192)                      = 0
25255:  close(17)                                       = 0
25255:  stat("./inc/db_interface.php", 0xFFFFFD7FFFDFD0C0) = 0
25255:  getcwd(0xFFFFFD7FFFDFC350, 1024)                Err#13 EACCES [file_dac_read]
25255:  resolvepath("./inc/db_interface.php", "inc/db_interface.php", 1024) = 20
25255:  getcwd(0xFFFFFD7FFFDFB650, 1024)                Err#13 EACCES [file_dac_read]
25255:  stat("^C", 0xFFFFFD7FFFDFCFE0)                  Err#2 ENOENT
25255:  stat("/opt/httpd/dev-installation/php5/lib/php/inc/db_interface.php", 0xFFFFFD7FFFDFD0C0) Err#2 ENOENT
25255:  stat("/data/sites/www.mysite.example/dev-html/inc/inc/db_interface.php", 0xFFFFFD7FFFDFD0C0) Err#2 ENOENT
25255:  open("/data/logs/httpd/error_log-php", O_WRONLY|O_APPEND|O_CREAT,0666) = 17
25255:  lseek(17, 0, SEEK_END)                          = 9904
25255:  time()                                          = 1163596213
25255:  fstat(17, 0xFFFFFD7FFFDFB990)                   = 0
25255:  fstat(17, 0xFFFFFD7FFFDFB8E0)                   = 0
25255:  ioctl(17, TCGETA, 0xFFFFFD7FFFDFB950)           Err#25 ENOTTY
25255:  write(17, " [ 1 5 - N o v - 2 0 0 6".., 241)    = 241
25255:  close(17)                                       = 0
25255:  open("/data/logs/httpd/error_log-php", O_WRONLY|O_APPEND|O_CREAT,0666) = 17
 [2006-12-05 23:06 UTC] php dot net at ryanfindley dot com
I'm experiencing the same problem on OS X 10.4 PPC 64bit(G5), but not on OS X 10.4 Intel 32bit.

If I revert my PHP install to 5.1.4, the problem goes away but using 5.2.0 all of my include() and require() statements that use a relative path fail, and getcwd() returns ''
 [2006-12-05 23:30 UTC] php dot net at ryanfindley dot com
I forgot to mention that I tried the snapshot listed in the comment from 15 Nov 12:42pm UTC (PHP 5.2.1-dev), and experienced the same problem
 [2007-02-08 14:03 UTC] webtech at get-telecom dot fr
What's up about this bug ?
 [2007-02-09 16:54 UTC] lampiluoto at gmail dot com
Hello,

This bug seem to exist also in PHP 5.2.1, it
is behaving similarly to the 5.2.0 snapshot I 
tested. This is same PHP code I tested earlier.

I remind that this is situation where httpd user
doesn't have read privilege to every directory 
level in path. It has only execute/access (x) 
to some of the directories.

#
# 5.1.6 truss output
#
24204:  stat("./inc/config.php", 0xFFFFFD7FFFDFE470)    = 0
24204:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
24204:  getcwd(0xFFFFFD7FFFDFD6F0, 1024)                Err#13 EACCES [file_dac_read]
24204:  stat("./inc/config.php", 0xFFFFFD7FFFDFE390)    = 0
24204:  getcwd(0xFFFFFD7FFFDFDFA0, 1024)                Err#13 EACCES [file_dac_read]
24204:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
24204:  getcwd(0xFFFFFD7FFFDFD270, 1024)                Err#13 EACCES [file_dac_read]
24204:  open("./inc/config.php", O_RDONLY)              = 34
24204:  fstat(34, 0x007E4F90)                           = 0
24204:  lseek(34, 0, SEEK_CUR)                          = 0
24204:  read(34, " < ? p h p\n\n     / /  ".., 8192)    = 1572
24204:  read(34, 0x007E27F8, 8192)                      = 0
24204:  read(34, 0x007E27F8, 8192)                      = 0
24204:  close(34)                                       = 0
24204:  time()                                          = 1171039558
24204:  resolvepath("/data/sites/www.lampiluoto.net/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
24204:  stat("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 0xFFFFFD7FFFDFE360) = 0
24204:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
24204:  open("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", O_RDONLY) = 34
24204:  fstat(34, 0x007E5F10)                           = 0
24204:  lseek(34, 0, SEEK_CUR)                          = 0
24204:  read(34, " < ? p h p\n\n     / /\n".., 8192)    = 1171
24204:  read(34, 0x007E6C28, 8192)                      = 0
24204:  read(34, 0x007E6C28, 8192)                      = 0
24204:  brk(0x007E8F20)                                 = 0
24204:  brk(0x007ECF20)                                 = 0
24204:  brk(0x007ECF20)                                 = 0
24204:  brk(0x007ECF20)                                 = 0
24204:  brk(0x007F0F20)                                 = 0
24204:  close(34)                                       = 0
24204:  stat("./inc/db_interface.php", 0xFFFFFD7FFFDFD9C0) = 0
24204:  resolvepath("./inc/db_interface.php", "inc/db_interface.php", 1024) = 20
24204:  getcwd(0xFFFFFD7FFFDFCC40, 1024)                Err#13 EACCES [file_dac_read]
24204:  stat("./inc/db_interface.php", 0xFFFFFD7FFFDFD8E0) = 0
24204:  getcwd(0xFFFFFD7FFFDFD4F0, 1024)                Err#13 EACCES [file_dac_read]
24204:  resolvepath("./inc/db_interface.php", "inc/db_interface.php", 1024) = 20
24204:  getcwd(0xFFFFFD7FFFDFC7C0, 1024)                Err#13 EACCES [file_dac_read]
24204:  open("./inc/db_interface.php", O_RDONLY)        = 34
24204:  fstat(34, 0x007E2E30)                           = 0
24204:  lseek(34, 0, SEEK_CUR)                          = 0
24204:  read(34, " < ? p h p\n\n / /\n / /".., 8192)    = 502
24204:  read(34, 0x007E6C28, 8192)                      = 0
24204:  read(34, 0x007E6C28, 8192)                      = 0
24204:  close(34)                                       = 0


#
# 5.2.1 truss output
#
23485:  stat("./inc/config.php", 0xFFFFFD7FFFDFE0D0)    = 0
23485:  getcwd(0xFFFFFD7FFFDFD360, 1024)                Err#13 EACCES [file_dac_read]
23485:  resolvepath("./inc/config.php", "inc/config.php", 1024) = 14
23485:  getcwd(0xFFFFFD7FFFDFC660, 1024)                Err#13 EACCES [file_dac_read]
23485:  stat("/inc/config.php", 0xFFFFFD7FFFDFDFF0)     Err#2 ENOENT
23485:  stat("/opt/httpd/dev-installation/php5/lib/php/inc/config.php", 0xFFFFFD7FFFDFE0D0) Err#2 ENOENT
23485:  stat("/data/sites/www.mysite.example/dev-html/inc/config.php", 0xFFFFFD7FFFDFE0D0) = 0
23485:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/config.php", "/data/sites/www.mysite.example/dev-html/inc/config.php", 1024) = 54
23485:  stat("/data/sites/www.mysite.example/dev-html/inc/config.php", 0xFFFFFD7FFFDFDFF0) = 0
23485:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/config.php", "/data/sites/www.mysite.example/dev-html/inc/config.php", 1024) = 54
23485:  open("/data/sites/www.mysite.example/dev-html/inc/config.php", O_RDONLY) = 17
23485:  fstat(17, 0x005D0778)                           = 0
23485:  read(17, " < ? p h p\n\n     / /  ".., 8192)    = 1572
23485:  read(17, 0x005D0A20, 8192)                      = 0
23485:  close(17)                                       = 0
23485:  time()                                          = 1171038559
23485:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
23485:  stat("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 0xFFFFFD7FFFDFDFC0) = 0
23485:  resolvepath("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", "/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", 1024) = 60
23485:  open("/data/sites/www.mysite.example/dev-html/inc/func_prepare.php", O_RDONLY) = 17
23485:  fstat(17, 0x005D0778)                           = 0
23485:  read(17, " < ? p h p\n\n     / /\n".., 8192)    = 1171
23485:  read(17, 0x005D4D10, 8192)                      = 0
23485:  close(17)                                       = 0
23485:  stat("./inc/db_interface.php", 0xFFFFFD7FFFDFD220) = 0
23485:  getcwd(0xFFFFFD7FFFDFC4B0, 1024)                Err#13 EACCES [file_dac_read]
23485:  resolvepath("./inc/db_interface.php", "inc/db_interface.php", 1024) = 20
23485:  getcwd(0xFFFFFD7FFFDFB7B0, 1024)                Err#13 EACCES [file_dac_read]
23485:  stat("/inc/db_interface.php", 0xFFFFFD7FFFDFD140) Err#2 ENOENT
23485:  stat("/opt/httpd/dev-installation/php5/lib/php/inc/db_interface.php", 0xFFFFFD7FFFDFD220) Err#2 ENOENT
23485:  stat("/data/sites/www.mysite.example/dev-html/inc/inc/db_interface.php", 0xFFFFFD7FFFDFD220) Err#2 ENOENT
23485:  open("/data/logs/httpd/error_log-php", O_WRONLY|O_APPEND|O_CREAT, 0666) = 17
23485:  lseek(17, 0, SEEK_END)                          = 14856
23485:  time()                                          = 1171038559
23485:  fstat(17, 0xFFFFFD7FFFDFBAE0)                   = 0
23485:  brk(0x007D0C60)                                 = 0
23485:  brk(0x007D4C60)                                 = 0
23485:  fstat(17, 0xFFFFFD7FFFDFBA30)                   = 0
23485:  ioctl(17, TCGETA, 0xFFFFFD7FFFDFBAA0)           Err#25 ENOTTY
23485:  write(17, " [ 0 9 - F e b - 2 0 0 7".., 241)    = 241
23485:  close(17)                                       = 0
23485:  open("/data/logs/httpd/error_log-php", O_WRONLY|O_APPEND|O_CREAT, 0666) = 17
 [2007-02-23 10:28 UTC] webtech at get-telecom dot fr
Is there a solution for this bug ?
We're using PHP 5.1.6 and can't upgrade...
 [2007-02-27 20:27 UTC] mcmullent at gmail dot com
Is there any chance you need to add:

allow_url_include = On

to your php.ini? My php.ini file (from a previous PHP5 release) did not have allow_url_include, and when I tried to upgrade from 5.1.6 to 5.2.x, I was getting similar errors. When I set allow_url_include, I was able to upgrade to 5.2.1 without any issues.
 [2007-03-07 01:57 UTC] mail at unleadedonline dot net
Anybody looking to fix this bug?

We have the same setup as the original bug submitter, and can't upgrade from 5.1.6 to 5.2.1 because of this issue!

It's a showstopper.
 [2007-03-07 07:38 UTC] tony2001@php.net
>Anybody looking to fix this bug?
No, we're unable to replicate it.
If you have a Solaris10 handy - please provide an account with PHP, GDB, GCC and other utils required to reproduce and invesigate it.

 [2007-03-10 13:22 UTC] lampiluoto at gmail dot com
Hi,

I emailed with Tony about providing
Sol10 environment for reproducing the 
problem and debugging it.

--
 Tero
 [2007-03-12 15:00 UTC] webtech at get-telecom dot fr
I've tried with "allow_url_include = On", 
but with PHP 5.2.1, I've the same include problem.
 [2007-03-28 16:45 UTC] koper at koper dot biz
I've experienced the same bug on Solaris 10 with PHP 5.2.1 and Apache 2.2.4. The solution (at least temporary) is to allow webservd (apache uid/gid) +rx on every directory leading to DocumentRoot.
 [2007-04-02 15:33 UTC] nospam at dede dot fr
It's been five month that the bug is open...

Is there a chance that it'll be resolved in PHP 5.2.2 ?

The bug exits too when including (include or require function) by using .. : for example : include("../test.php");
 [2007-04-03 20:21 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 18:01:58 2014 UTC