That is supposed to be fixed as of PHP 7.1.0alpha2. Please try
with a version from <http://windows.php.net/qa/>.

Didn't change. If not made worse.

Refined script:

<?php

$fn = "{$_SERVER['TEMP']}/_test/documents/projects/myproject/vendor/name/library/classpath";
$fn1 = "$fn/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library/classpath";
mkdir($fn, 0777, true);
error_log(sprintf("(%u)%s", strlen($fn), $fn));
error_log("=>" . realpath($fn));
error_log(sprintf("(%u)%s", strlen($fn1), $fn1));
error_log("=>" . realpath($fn1));
error_log(sprintf("(%u)%s", strlen(dirname($fn1)), dirname($fn1)));
error_log("=>" . realpath(dirname($fn1)));

PHP 5.6.23/64
(101)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath
=>C:\Users\anrdaemon\AppData\Local\Temp\_test\documents\projects\myproject\vendor\name\library\classpath
(266)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library/classpath
=>
(256)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library
=>C:\Users\anrdaemon\AppData\Local\Temp\_test\documents\projects\myproject\vendor\name\library

PHP 7.0.8/64
(101)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath
=>C:\Users\anrdaemon\AppData\Local\Temp\_test\documents\projects\myproject\vendor\name\library\classpath
(266)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library/classpath
=>
(256)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library
=>C:\Users\anrdaemon\AppData\Local\Temp\_test\documents\projects\myproject\vendor\name\library

PHP 7.1.0b1/64
(101)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath
=>C:\Users\anrdaemon\AppData\Local\Temp\_test\documents\projects\myproject\vendor\name\library\classpath
(266)C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library/classpath
=>
(260)\\?\C:\Users\ANRDAE~1\AppData\Local\Temp/_test/documents/projects/myproject/vendor/name/library/classpath/../../../../../../../../_test/documents/projects/myproject/vendor/name/library/../../../../../../../_test/documents/projects/myproject/vendor/name/library
=>

Indeed, can also reproduce with current master.

The issue is FindFirstFileW(), which isn't as liberal with regard
to the \\?\ prefix as without it. POC:

    #include <windows.h>
    
    int main()
    {
        HANDLE h;
        WIN32_FIND_DATA fd;
    
        h = FindFirstFileW(L"C:\\Windows", &fd);
        printf("%i\n", h != INVALID_HANDLE_VALUE);
        h = FindFirstFileW(L"C:/Windows", &fd);
        printf("%i\n", h != INVALID_HANDLE_VALUE);
        h = FindFirstFileW(L"\\\\?\\C:\\Windows", &fd);
        printf("%i\n", h != INVALID_HANDLE_VALUE);
        h = FindFirstFileW(L"\\\\?\\C:/Windows", &fd);
        printf("%i\n", h != INVALID_HANDLE_VALUE);
        return 0;
    }

outputs:

    1
    1
    1
    0

Neither slashes (nor dots nor double-dots) are converted, as noted
on MSDN in the section about "Maximum Path Length Limitation"[1].

It occurs to me that this conversion would have to be done by PHP
in the first place. Anatol, what do you think?

[1] <https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath>

@cmb, yeah, Windows API won't do any magic with \\?\ prefixed paths. I intentionally left this part, because there is yet no API for all windows versions (starting with 8.1 there is one). Also, that saves some memory operations. While replacing slashes wouldn't cost any memory overhead, so probably could be done. Since this issue is related to composer, probably worth it at least. I'll look to maybe come up with some custom PathCchCanonicalizeEx for lower Windows versions.

Thanks.

Christoph, i've fixed this exact case, and also partially the general case using teh new APIs when available. Reimplementing the path canonicalization might take some time. The clean case is however worky under any circumstances.

@anrdaemon just one note to your code - realpath(dirname($fn1)) seems wrong. If the path ends with some periods, it might deliver usexpected results.

Thanks.

Thanks, Anatol.

> Reimplementing the path canonicalization might take some time.

In my opinion, a fallback for Windows < 8.1 is not absolutely
necessary; this might simply be documented as limitation.

Yes, the "dirname(realpath(...))" isn't completely foolproof.
I've used it as a means to show that the string length is an issue, and to not use any questionable and hard to understand code in its place.
dirname() would cut the last element in the path, and if the original path actually exists, the result of dirname()'ing would guarantee to exist as well, as in this specific case.
In regard to Composer, the origin of its issue is https://bugs.php.net/bug.php?id=72642
But it seems the person replying to that bug has his head way above his shoulders.