ID: 47315 Updated by: scott...@php.net Reported By: spam2 at rhsoft dot net Status: Bogus Bug Type: Feature/Change Request PHP Version: 5.2.8 New Comment:
is_file() works on any string that allows a stat calls, this includes archives, ftp, sftp or the local file system. If you can use the file functions to read it you should be able to stat it. If you are looking to test things on the local system you're probably looking for realpath() to resolve the path on the local filesystem. Or maybe just a check to make sure that the path doesn't have a protocol at the start. Finally, you should realise that PHP is run by volunteers. It's an open source project and being aggressive towards any contributor won't get you anywhere. It's likely to get a inflammatory response and zero help. Previous Comments: ------------------------------------------------------------------------ [2009-02-05 16:12:42] spam2 at rhsoft dot net What do you think to get as answer to "Wow only 6 years too late for suggested changes"? How do you think should i smell this idiotic-change? I noticed this while reading a security-news about the break-in in the phpBB server and the second comment from stefan esser pointed at this problem. My last test remote/local file was to a http-url did what i think NOBODY can smell that ftp-URLs does other things and so this idiotic change will not be noticed from > 90% of all developers but can hit a application if a exploit knows about it and the attacker places his files on a ftp-server instead of http ------------------------------------------------------------------------ [2009-02-05 15:45:26] scott...@php.net We're sorry that you're an asshole and feel unhappy with PHP which is an open source project. Feel free to submit some updates to the German manual if you have time. ------------------------------------------------------------------------ [2009-02-05 15:40:36] spam2 at rhsoft dot net Foolish idiot in the last available german doku is until today no hint http://www.php.net/manual/de/function.is-file.php Hinweis: Diese Funktion kann nicht mit entfernten Dateien arbeiten, da der Zugriff auf die Datei, die bearbeitet werden soll, über das Dateisystem des Servers möglich sein muss. This means it DOES NOT support remote-files, this was years along fact is documentaded and used at many locations until today and some idiots think it's cool to make it impossilbe to check if you work with a local or a remote file..... Wow, only 6 years too late to refresh the documentation and if you i should use the english one - WHY does a german one exists? Only idiots are making such major changes without thinking what this can mean for existing applications and to make this joke perfect it works with some streams (ftp) and some other not (http) Again: How stupid must a guy be to create such a crap? And yes i know that i'm not friendly because stupid people are making me angry - everytime and everywehre! Even if its documentated - how check if path is local or remote even if you change the application? ------------------------------------------------------------------------ [2009-02-05 15:10:11] scott...@php.net Wow only 6 years too late for suggested changes. Changes were made to use streams, the end. ------------------------------------------------------------------------ [2009-02-05 14:54:38] spam2 at rhsoft dot net Description: ------------ > As of PHP 5.0.0, this function can also be used with some URL > wrappers. Refer to List of Supported Protocols/Wrappers for > a listing of which wrappers support stat() family of functionality. Which fool has decided to make such a MAJOR-CHANGE for functions like "is_file()" as default instead of enable this only with a new optional parameter? You will break EVERY check in applications if the given path is a local file! Revert this completly or add a parameter to enable it Has anybody ever thougt that this can make SECURITY-PROBLEMS in some cases? I hope no one wites a new function like "is_real_file" as seen at "mysql_escape_string/mysql_real_escape_string", this is crap and sometimes i wonder why many people are not thinking before doing! Reproduce code: --------------- $path = 'ftp://user:p...@host/file.txt'; if(is_file($path)) { echo 'yes'; } else { echo 'no'; } Expected result: ---------------- no Actual result: -------------- yes ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47315&edit=1
