|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #74411 SplFileInfo::getRealPath() returns false if containing folder is unreadable
Submitted: 2017-04-11 08:18 UTC Modified: 2017-05-08 04:14 UTC
Avg. Score:4.5 ± 0.5
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: miklcct at gmail dot com Assigned:
Status: Open Package: Filesystem function related
PHP Version: 7.1.3 OS: Windows 10
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
36 - 5 = ?
Subscribe to this entry?

 [2017-04-11 08:18 UTC] miklcct at gmail dot com
On Windows, SplFileInfo::getRealPath() returns false if the containing folder is not readable even if the file itself is readable. This breaks in typical usage scenario where a SplFileInfo object is constructed using an uploaded file in temporary folder on Windows because the temporary folder in Windows is not readable by default, but creating files are allowed inside.

To reproduce, follow the below steps:
1. Make directory C:\dir
2. Make file C:\dir\file and put some text inside
3. Run the script, ensure that the second var_dump returns the path
4. Add an NTFS permission entry on C:\dir saying "deny everyone on this folder only advanced permission list folder / read data"
5. Run the script again

Test script:
$path = 'C:\dir\file';
$file = new SplFileInfo($path);

Expected result:
Output similar to the below on both runs:

string(5) "test
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"
string(11) "C:\dir\file"

Actual result:
After denying permission, the script outputs:

string(5) "test
class SplFileInfo#1 (2) {
  private $pathName =>
  string(11) "C:\dir\file"
  private $fileName =>
  string(4) "file"

Note that the file is readable but SplFileInfo::getRealPath() returns false.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-11 13:51 UTC]
-Type: Bug +Type: Documentation Problem
 [2017-04-11 13:51 UTC]
It seems to me that is rather a documentation issue, as for
realpath() it is already noted[1] that:

| The running script must have executable permissions on all
| directories in the hierarchy, otherwise realpath() will return

[1] <>
 [2017-04-11 14:02 UTC] miklcct at gmail dot com
I don't think it is a documentation issue, because
1. I'm using SplFileInfo, not bare functions. What the bare functions do is completely irrelevant to me.

2. Even it replicates the behaviour of that function, I have only denied the list content (read) permission but not traverse folder (execute) permission.
 [2017-05-02 17:44 UTC]
-Status: Open +Status: Feedback
 [2017-05-02 17:44 UTC]
What are the exact ACLs on the folder and the file?

 [2017-05-08 04:14 UTC] miklcct at gmail dot com
-Status: Feedback +Status: Open
 [2017-05-08 04:14 UTC] miklcct at gmail dot com
Folder permission:
All but list folder / read data

File permission:
Full control
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 23 01:03:33 2021 UTC