|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52065 Warning about open_basedir restriction while accessing a file as directory
Submitted: 2010-06-12 14:58 UTC Modified: 2015-06-04 00:00 UTC
Avg. Score:4.2 ± 1.0
Reproduced:27 of 27 (100.0%)
Same Version:10 (37.0%)
Same OS:15 (55.6%)
From: manuel at mausz dot at Assigned:
Status: Verified Package: Safe Mode/open_basedir
PHP Version: 5.6.8 OS: Unix
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-06-12 14:58 UTC] manuel at mausz dot at
fopen_wrappers raise warning about open_basedir restriction in effect while accessing a file as a directory. This only occurs if the file exists.

Test script:
# sapi/cli/php -n -d open_basedir="$(pwd)" -r 'var_dump(is_readable("myfile/doesntexist"));'
# touch myfile
# sapi/cli/php -n -d open_basedir="$(pwd)" -r 'var_dump(is_readable("myfile/doesntexist"));'

Expected result:


Actual result:

Warning: is_readable(): open_basedir restriction in effect. File(myfile/doesntexist) is not within the allowed path(s): (/home/manuel/php5.3-201006120030) in Command line code on line 1


open-basedir-without-realpath (last revision 2015-04-29 20:11 UTC by

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-08-11 12:20 UTC] manuel at mausz dot at
Can someone please finally take a look at this?
 [2012-04-28 07:18 UTC] nick at aussiecom dot com
Why hasn't this bug been resolved? It's nearly 2 years old...
 [2012-08-08 07:20 UTC] mein at e3b dot org
This bug is also present in php 5.4...
 [2015-04-29 20:11 UTC]
The following patch has been added/updated:

Patch Name: open-basedir-without-realpath
Revision:   1430338315
 [2015-04-29 20:14 UTC]
-Status: Open +Status: Verified -PHP Version: 5.3SVN-2010-06-12 (SVN) +PHP Version: 5.6.8
 [2015-04-29 20:14 UTC]
The patch open-basedir-without-realpath would fix this issue, but
it might have security implications or other undesired side
 [2015-06-03 08:26 UTC]
Any news on this one? Edge case but still :)
 [2015-06-04 00:00 UTC]
Considering the amount of closely related bug reports[1], I
wouldn't necessarily call that an edge case, Pierre. :)

I'll make a PR based on my patch with some tests, if no one beats
me to it.

[1] I've assembled a maybe non-exhaustive list in
 [2015-09-22 10:20 UTC] jan dot prachar at gmail dot com
Broken since 5.3.0, see
 [2018-02-28 22:26 UTC] a19836 at gmail dot com
Why isn't this bug fixed yet?
It was detected in 2013 or even before. And already passed 5 years... 

I trying the following example with PHP 7 and I'm getting exactly the same error.

ini_set("open_basedir", __DIR__);
file_put_contents(__DIR__ . "/foo.txt", "bar");
echo "EXISTS:".file_exists(__DIR__ . "/foo.txt/");

Error: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/www/html/test/foo.txt/) is not within the allowed path(s): (/var/www/html/test) in /var/www/html/test/test.php on line 4

Can you please fix this and let me know please?
 [2018-10-02 05:08 UTC] sriccio at swisscenter dot com
We're seeing this in all the PHP versions we use (5.6, 7.0, 7.1, 7.2).

Literally spent hours trying to understand why we have these warning even that the paths are allowed in the open_basedir directive.

Finally it was because the parent dir of a path was in fact a file and not a dir.

The warning message is really misleading...

It would really be nice to fix this
 [2019-11-12 16:36 UTC] michael dot vorisek at email dot cz
Please fix asap, reported by many users. Thank you.
 [2020-11-12 15:04 UTC] php dot stephan at lippe-net dot de
Cool, a bug described in 2010 not even fixed in PHP 8.0RC3.
That's a statement!
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Apr 19 08:01:25 2021 UTC