php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #75000 getcwd() does not raise error when it fails
Submitted: 2017-07-28 06:09 UTC Modified: 2017-08-15 11:40 UTC
From: marco dot agnoli at me dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.1.7 OS: OS X
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: marco dot agnoli at me dot com
New email:
PHP Version: OS:

 

 [2017-07-28 06:09 UTC] marco dot agnoli at me dot com 
Description:
------------
Some functions like chdir() raise an error when they fail, but others like getcwd() don't. 

I don't see why getcwd() should not raise an error.

This makes catching errors more painful than it should be.

Test script:
---------------
<?php

var_dump(getcwd());

// Remove traversal permission for the current directory
system('chmod -x '.escapeshellarg(__DIR__));

/**
 * I would expect an error here
 * because getcwd() returns false here.
 */
var_dump(getcwd());

// Restore traversal permission
system('chmod +x '.escapeshellarg(__DIR__));


?>

Expected result:
----------------
A warning from PHP that getcwd() failed.

Actual result:
--------------
getcwd() silently returns false.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-28 06:12 UTC] marco dot agnoli at me dot com 
Same can be said for the `realpath` function:

```
<?php
error_reporting(E_ALL);

var_dump(realpath('non-existing-path'));
?>
```

realpath() expects a valid path, so why not raise an error when no valid path was specified?
 [2017-07-28 09:12 UTC] kalle@php.net
-Status: Open +Status: Not a bug
 [2017-07-28 09:12 UTC] kalle@php.net 
Both these cases are expected behavior for realpath() and getcwd() to be silent and return false. There are potential other functions that mimic similar behaviors, but in the end it is up to the end user to test the return value of these functions
 [2017-07-28 09:33 UTC] marco dot agnoli at me dot com 
I know that it is expected behaviour, but why?

Can you tell me the reasoning behind it?
 [2017-08-15 02:02 UTC] marco dot agnoli at me dot com 
I have thought about this issue once again and actually getcwd can do some serious damage if used incorrectly.

I'm aware that it is unlikely for getcwd() to fail but consider the following piece of code:

<?php

$path = \getcwd().'/bin/';

system('rm -rf '.\escapeshellarg($path));

?>

Since PHP converts false to an empty string the folder we attempt to remove would be "/bin" and we wouldn't even know about it!
 [2017-08-15 13:02 UTC] spam2 at rhsoft dot net 
sorry, but when someone don't stop argue nonsense and has nothing better to do than construct examples how nobody ever should write code *because* of the result it makes me terrible angry

PHP has not to spit out warnings all the time and in fact there a way too much places where it does (file_exists and freinds trying access a file outside openbasedir as example should just return false and be silent)

PHP would be just unusable when it acts like the reporter want it to act
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 22:01:28 2024 UTC