php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44859 is_readable() returns incorrect result with NTFS ACL permissions
Submitted: 2008-04-29 00:27 UTC Modified: 2009-05-17 19:54 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: phpbugs at steve dot ipapp dot com Assigned: pajoye
Status: Closed Package: Filesystem function related
PHP Version: 5.2.6 OS: win32 only
Private report: No CVE-ID:
 [2008-04-29 00:27 UTC] phpbugs at steve dot ipapp dot com
Description:
------------
NT ACL Permissions can be modified in Windows by right clicking on the file, going to properties, and security. Clicking the Everyone user and hitting Deny Read, will prevent ANYTHING from reading, even if they have  READ permissions granted elsewhere. 

is_readable() doesn't seem to care and thinks that all these files are readable, when in fact they aren't. is_writeable() probably has the same problem. Previous Bugs Identified with this have been closed: 41519.



Reproduce code:
---------------
$some_file = 'C:\\path\to\file.txt';
if(is_readable($some_file))
{
   echo file_get_contents($some_file);
} else
{
   echo "This file isn't readable";
}




Expected result:
----------------
With NTFS ACL Permissions set to allow reading:

*Contents of File*

With NTFS ACL Permissions set to disallow reading:

"This file isn't readable";



Actual result:
--------------
With NTFS ACL Permissions set to allow reading:

*Contents of File*

With NTFS ACL Permissions set to disallow reading:

Warning: file_get_contents(C:\\path\to\file.txt) [function.file-get-contents]: failed to open stream: Permission denied in C:\\path\to\script.php on line 4

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-08 17:11 UTC] carsten_sttgt at gmx dot de
| NT ACL Permissions ...
| is_readable() doesn't seem to care and thinks that all
| these files are readable, when in fact they aren't.

I just run into the same problem and can verify/reproduce this :-/

| is_writeable() probably has the same problem.

Correct. is_writeable() only looks for the "read-only" file system attribute (this one works).

But like is_readable(), it does not make a real UID/GID check on Windows.

And there is no similar attribute for is_readable(), so is_readable() is useless on Windows at the moment.

Regards,
Carsten
 [2009-05-17 19:54 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

fixed in 5.3 and HEAD (6)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 15:01:54 2014 UTC