php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #74411 SplFileInfo::getRealPath() returns false if containing folder is unreadable
Submitted: 2017-04-11 08:18 UTC Modified: 2017-05-08 04:14 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: miklcct at gmail dot com Assigned:
Status: Open Package: Filesystem function related
PHP Version: 7.1.3 OS: Windows 10
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-04-11 08:18 UTC] miklcct at gmail dot com
Description:
------------
On Windows, SplFileInfo::getRealPath() returns false if the containing folder is not readable even if the file itself is readable. This breaks in typical usage scenario where a SplFileInfo object is constructed using an uploaded file in temporary folder on Windows because the temporary folder in Windows is not readable by default, but creating files are allowed inside.

To reproduce, follow the below steps:
1. Make directory C:\dir
2. Make file C:\dir\file and put some text inside
3. Run the script, ensure that the second var_dump returns the path
4. Add an NTFS permission entry on C:\dir saying "deny everyone on this folder only advanced permission list folder / read data"
5. Run the script again


Test script:
---------------
<?php
$path = 'C:\dir\file';
$file = new SplFileInfo($path);
var_dump(file_get_contents($path));
var_dump($file);
var_dump($file->getRealPath());

Expected result:
----------------
Output similar to the below on both runs:

M:\splfileinfo_bug.php:4:
string(5) "test
"
M:\splfileinfo_bug.php:5:
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"
}
M:\splfileinfo_bug.php:6:
string(11) "C:\dir\file"

Actual result:
--------------
After denying permission, the script outputs:

M:\splfileinfo_bug.php:4:
string(5) "test
"
M:\splfileinfo_bug.php:5:
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"
}
M:\splfileinfo_bug.php:6:
bool(false)

Note that the file is readable but SplFileInfo::getRealPath() returns false.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-11 13:51 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem
 [2017-04-11 13:51 UTC] cmb@php.net
It seems to me that is rather a documentation issue, as for
realpath() it is already noted[1] that:

| The running script must have executable permissions on all
| directories in the hierarchy, otherwise realpath() will return
| FALSE.

[1] <http://php.net/manual/en/function.realpath.php#refsect1-function.realpath-returnvalues>
 [2017-04-11 14:02 UTC] miklcct at gmail dot com
I don't think it is a documentation issue, because
1. I'm using SplFileInfo, not bare functions. What the bare functions do is completely irrelevant to me.

2. Even it replicates the behaviour of that function, I have only denied the list content (read) permission but not traverse folder (execute) permission.
 [2017-05-02 17:44 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-05-02 17:44 UTC] ab@php.net
What are the exact ACLs on the folder and the file?

Thanks.
 [2017-05-08 04:14 UTC] miklcct at gmail dot com
-Status: Feedback +Status: Open
 [2017-05-08 04:14 UTC] miklcct at gmail dot com
Folder permission:
All but list folder / read data

File permission:
Full control
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Mon Jul 16 10:01:53 2018 UTC