php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65211 file_exists() warns of open_basedir on existing file mis-used as directory
Submitted: 2013-07-05 17:05 UTC Modified: 2015-06-04 14:56 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: paolo at schiro dot it Assigned: cmb (profile)
Status: Duplicate Package: Safe Mode/open_basedir
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2013-07-05 17:05 UTC] paolo at schiro dot it 
Description:
------------
When open_basedir set file_exists() raise an open_basedir warning 
when checking a path which permitted by open_basedir but includes 
an existent file misused as directory.


Test script:
---------------
//create a file
$fhandle = fopen('existing-file-which-is-not-dir.txt', 'w');

//throw your mind away and use it as a directory
if (is_file('existing-file-which-is-not-dir.txt/test.html')) {
        print "File exists";
} else {
        print "File does not exist";
}

//show the error
print_r(error_get_last());

Expected result:
----------------
is_file should return a FALSE and you should read "File does not exist".

Actual result:
--------------
In addition to "File does not exist", you'll get a warning that 
open_basedir restriction is in effect:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-19 18:05 UTC] mail+php at requinix dot net 
Duplicate of
- bug 52065 "Warning about open_basedir restriction while accessing a file as 
directory"
- bug 53041 "is_file() and open_basedir" closed to due no feedback (@pajoye: yes)

tl;dr: bug is not about open_basedir itself but rather some code being unable to 
access the file (rightly so) and the calling code assuming the failure is because 
of open_basedir.
 [2014-05-07 19:28 UTC] info at ihead dot ru 
File functions produce warning if argument is a path which starts with existing file.

<?
touch('./index.php');
ini_set('open_basedir', '.');
var_dump(file_exists('./index.php/.section.php'));
?>

Expected result: 
bool(false)

Actual result: 
Warning: file_exists(): open_basedir restriction in effect. File(./index.php/.section.php) is not within the allowed path(s): (.) in ***/1.php on line 4
bool(false)

OS FreeBSD.
PHP 5.3, 5.4 affected.
PHP 5.2 not affected.
 [2014-06-04 07:17 UTC] requinix@php.net 
Related To: Bug #67378
 [2015-06-04 14:56 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2015-06-04 14:56 UTC] cmb@php.net 
This is a duplicate of bug #52065.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC