PHP :: Bug #65211 :: file_exists() warns of open_basedir on existing file mis-used as directory

Bug #65211

file_exists() warns of open_basedir on existing file mis-used as directory

Submitted:

2013-07-05 17:05 UTC

Modified:

2015-06-04 14:56 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

paolo at schiro dot it

Assigned:

cmb (profile)

Status:

Duplicate

Package:

Safe Mode/open_basedir

PHP Version:

Irrelevant

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	paolo at schiro dot it
New email:
PHP Version:		OS:

New/Additional Comment:

[2013-07-05 17:05 UTC] paolo at schiro dot it

Description:
------------
When open_basedir set file_exists() raise an open_basedir warning 
when checking a path which permitted by open_basedir but includes 
an existent file misused as directory.


Test script:
---------------
//create a file
$fhandle = fopen('existing-file-which-is-not-dir.txt', 'w');

//throw your mind away and use it as a directory
if (is_file('existing-file-which-is-not-dir.txt/test.html')) {
        print "File exists";
} else {
        print "File does not exist";
}

//show the error
print_r(error_get_last());

Expected result:
----------------
is_file should return a FALSE and you should read "File does not exist".

Actual result:
--------------
In addition to "File does not exist", you'll get a warning that 
open_basedir restriction is in effect:

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-19 18:05 UTC] mail+php at requinix dot net

Duplicate of
- bug 52065 "Warning about open_basedir restriction while accessing a file as 
directory"
- bug 53041 "is_file() and open_basedir" closed to due no feedback (@pajoye: yes)

tl;dr: bug is not about open_basedir itself but rather some code being unable to 
access the file (rightly so) and the calling code assuming the failure is because 
of open_basedir.

[2014-05-07 19:28 UTC] info at ihead dot ru

File functions produce warning if argument is a path which starts with existing file.

<?
touch('./index.php');
ini_set('open_basedir', '.');
var_dump(file_exists('./index.php/.section.php'));
?>

Expected result: 
bool(false)

Actual result: 
Warning: file_exists(): open_basedir restriction in effect. File(./index.php/.section.php) is not within the allowed path(s): (.) in ***/1.php on line 4
bool(false)

OS FreeBSD.
PHP 5.3, 5.4 affected.
PHP 5.2 not affected.

[2014-06-04 07:17 UTC] requinix@php.net

Related To: Bug #67378

[2015-06-04 14:56 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2015-06-04 14:56 UTC] cmb@php.net

This is a duplicate of bug #52065.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 14:01:31 2024 UTC