From: kibab at icehouse dot net
Operating system: redhat enterprise
PHP version: 5.0.3
PHP Bug Type: Filesystem function related
Bug description: is_readable() results based on ownership of calling script,
not file
Description:
------------
is_readable($myfilename) in the repro code returns true if
the script calling it is owned by root, but false if it is
owned by someone else.
Permissions are:
-rw-r--r-- 1 root root 5452 Jan 13
13:02 /var/lib/php_packages/test_templ2.php
drwxr-xr-x 4 root root 4096 Jan 19
08:19 /var/lib/php_packages
drwxr-xr-x 27 root root 4096 Jan 12
09:27 /var/lib
drwxr-xr-x 24 root root 4096 Sep 22
13:06 /var
drwxr-xr-x 20 root root 4096 Oct 29 09:48 /
Relevant Settings:
include_path =
".:/var/lib/php_packages:/var/lib/php_packages/pear"
safe_mode = On
safe_mode_gid = On
safe_mode_include_dir = /var/lib/php_packages
Reproduce code:
---------------
#### test.php ###
$myfilename = '/var/lib/php_packages/test_templ2.php';
if (is_readable($myfilename)) {
echo "is_readable: $myfilename (true)<br>";
} else {
echo "is_readable: $myfilename (false)<br>";
}
include($myfilename);
### test_templ2.php ###
TESTING!
Expected result:
----------------
I would expect is_readable() to return true in both
instances. The uid/gid check shouldn't matter despite
safe mode, as the file is in safe_mode_include_dir, and
even if it wasn't, the is_readable documentation says that
it does NOT take into account safe_mode restrictions.
Actual result:
--------------
// When test.php has the following ownership:
$ ls -l test.php
-rw-rw-r-- 1 root root 278 Jan 19 13:16
test.php
// I get the following output:
is_readable: /var/lib/php_packages/test_templ2.php (true)
TESTING!
// When test.php has the following permissions:
$ ls -l test.php
-rw-rw-r-- 1 dschlegel79 undergradadmiss 278 Jan
19 13:16 test.php
// I get the following output:
is_readable: /var/lib/php_packages/test_templ2.php (false)
TESTING!
--
Edit bug report at http://bugs.php.net/?id=31618&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=31618&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=31618&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=31618&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=31618&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=31618&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=31618&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=31618&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=31618&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=31618&r=support
Expected behavior: http://bugs.php.net/fix.php?id=31618&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=31618&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=31618&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=31618&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=31618&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=31618&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=31618&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=31618&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=31618&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=31618&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=31618&r=mysqlcfg
