#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: I can't get to it, I just keep getting a 404 error? Previous Comments: [2005-08-12 01:00:10] [EMAIL PROTECTED] Please try this patch: http://tony2001.phpclub.net/dev/tmp/bugs_29840_31618.diff (with the latest snapshot/CVS). [2005-08-11 15:57:11] kibab at icehouse dot net Yes. I read docs, although I sometimes misunderstand them: Note in my previous post: safe_mode_include_dir = /usr/share/pear Also note that per the documentation (http://www.php.net/manual/en/features.safe-mode.php): safe_mode_include_dir string UID/GID checks are bypassed when including files from this directory and its subdirectories (directory must also be in include_path or full path must including). Certainly $myfilename = '/usr/share/pear/commonfile.php'; is in safe_mode_include dir. Thus, the error message is incorrect and *is* a PHP bug. [2005-08-11 11:10:57] [EMAIL PROTECTED] Did you read something about safe_mode before turning it On? By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access. (c) http://www.php.net/manual/en/features.safe-mode.php So, it's perfectly fine to have these errors and to have FALSE in is_readable() because you turned safe_mode yourself. This is expected behaviour. [2005-08-11 01:59:45] kibab at icehouse dot net Ok. It says (see http://www.ewu.edu/web/tools/bug31618_3.php): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 687/694 is not allowed to access /usr/share/pear/commonfile.php owned by uid/gid 0/0 in /var/www/sites/web/tools/bug31618_3.php on line 3 Warning: fopen(/usr/share/pear/commonfile.php) [function.fopen]: failed to open stream: Resource temporarily unavailable in /var/www/sites/web/tools/bug31618_3.php on line 3 [2005-08-10 20:44:05] [EMAIL PROTECTED] Of course, I meant this: ?php $myfilename = '/usr/share/pear/commonfile.php'; fopen($myfilename, 'r'); ? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: Ok, I tried it out on my dev server and it works! is_readable() now returns the correct values based on the ownership of the file. From my initial test: is_readable: /var/lib/php/test_templ2.php (true) TEST The fopen($myfilename) call, however, still fails with the following error message (perhaps I should file this as a separate bug report...): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 49/49 is not allowed to access /var/lib/php/test_templ2.php owned by uid/gid 0/0 in /var/www/sites/devel/test.php on line 10 Warning: fopen(/var/lib/php/test_templ2.php) [function.fopen]: failed to open stream: Success in /var/www/sites/devel/test.php on line 10 And... safe_mode_include_dir on that server is set to /var/lib/php. Previous Comments: [2005-08-12 18:03:49] [EMAIL PROTECTED] Please try again. It should be there this time. [2005-08-12 17:33:29] kibab at icehouse dot net I can't get to it, I just keep getting a 404 error? [2005-08-12 01:00:10] [EMAIL PROTECTED] Please try this patch: http://tony2001.phpclub.net/dev/tmp/bugs_29840_31618.diff (with the latest snapshot/CVS). [2005-08-11 15:57:11] kibab at icehouse dot net Yes. I read docs, although I sometimes misunderstand them: Note in my previous post: safe_mode_include_dir = /usr/share/pear Also note that per the documentation (http://www.php.net/manual/en/features.safe-mode.php): safe_mode_include_dir string UID/GID checks are bypassed when including files from this directory and its subdirectories (directory must also be in include_path or full path must including). Certainly $myfilename = '/usr/share/pear/commonfile.php'; is in safe_mode_include dir. Thus, the error message is incorrect and *is* a PHP bug. [2005-08-11 11:10:57] [EMAIL PROTECTED] Did you read something about safe_mode before turning it On? By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access. (c) http://www.php.net/manual/en/features.safe-mode.php So, it's perfectly fine to have these errors and to have FALSE in is_readable() because you turned safe_mode yourself. This is expected behaviour. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#31618 [Bgs-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Bogus +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: Yes. I read docs, although I sometimes misunderstand them: Note in my previous post: safe_mode_include_dir = /usr/share/pear Also note that per the documentation (http://www.php.net/manual/en/features.safe-mode.php): safe_mode_include_dir string UID/GID checks are bypassed when including files from this directory and its subdirectories (directory must also be in include_path or full path must including). Certainly $myfilename = '/usr/share/pear/commonfile.php'; is in safe_mode_include dir. Thus, the error message is incorrect and *is* a PHP bug. Previous Comments: [2005-08-11 11:10:57] [EMAIL PROTECTED] Did you read something about safe_mode before turning it On? By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access. (c) http://www.php.net/manual/en/features.safe-mode.php So, it's perfectly fine to have these errors and to have FALSE in is_readable() because you turned safe_mode yourself. This is expected behaviour. [2005-08-11 01:59:45] kibab at icehouse dot net Ok. It says (see http://www.ewu.edu/web/tools/bug31618_3.php): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 687/694 is not allowed to access /usr/share/pear/commonfile.php owned by uid/gid 0/0 in /var/www/sites/web/tools/bug31618_3.php on line 3 Warning: fopen(/usr/share/pear/commonfile.php) [function.fopen]: failed to open stream: Resource temporarily unavailable in /var/www/sites/web/tools/bug31618_3.php on line 3 [2005-08-10 20:44:05] [EMAIL PROTECTED] Of course, I meant this: ?php $myfilename = '/usr/share/pear/commonfile.php'; fopen($myfilename, 'r'); ? [2005-08-10 20:36:39] [EMAIL PROTECTED] Could you plz also try this: ?php fopen($myfilename, 'r'); ? And post the error message here. Thanks. [2005-08-10 20:24:48] kibab at icehouse dot net Ok, here's a new complete example for you. First, we need to do some setup as this is based on permissions, ownership, and safe mode: cd some directory in safe_mode_include_dir # note, I used cd /usr/share/pear echo TESTING commonfile.php chmod a+r commonfile.php Then: $ ls -l commonfile* -rw-rw-r--1 root root8 Aug 10 10:54 commonfile.php And, permissions on the source PHP file in use: $ ls -l bug31618.php -rw-rw-r--1 kpederson financialaid 576 Aug 10 10:50 bug31618.php I used the following relevant settings: $ grep -iE safe|include /etc/php.ini | grep -v ^; safe_mode = On safe_mode_gid = On safe_mode_include_dir = /usr/share/pear safe_mode_exec_dir = /usr/local/php_exe/bin safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH include_path = .:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure sql.safe_mode = Off Now, grab my PHP script from the following URL: http://www.ewu.edu/web/tools/bug31618.php.txt It's output looks like the following (as can be seen from http://www.ewu.edu/web/tools/bug31618.php): is_readable: /usr/share/pear/commonfile.php (false) TESTING Now, if I change the ownership to root:root (as I did for bug31618_2.php, eg. as seen by http://www.ewu.edu/web/tools/bug31618_2.php): is_readable: /usr/share/pear/commonfile.php (true) TESTING Thus, the results are based on ownership of the calling php script, not the file attempting to be read, despite being in safe_mode_include_dir. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: Ok, here's a new complete example for you. First, we need to do some setup as this is based on permissions, ownership, and safe mode: cd some directory in safe_mode_include_dir # note, I used cd /usr/share/pear echo TESTING commonfile.php chmod a+r commonfile.php Then: $ ls -l commonfile* -rw-rw-r--1 root root8 Aug 10 10:54 commonfile.php And, permissions on the source PHP file in use: $ ls -l bug31618.php -rw-rw-r--1 kpederson financialaid 576 Aug 10 10:50 bug31618.php I used the following relevant settings: $ grep -iE safe|include /etc/php.ini | grep -v ^; safe_mode = On safe_mode_gid = On safe_mode_include_dir = /usr/share/pear safe_mode_exec_dir = /usr/local/php_exe/bin safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH include_path = .:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure sql.safe_mode = Off Now, grab my PHP script from the following URL: http://www.ewu.edu/web/tools/bug31618.php.txt It's output looks like the following (as can be seen from http://www.ewu.edu/web/tools/bug31618.php): is_readable: /usr/share/pear/commonfile.php (false) TESTING Now, if I change the ownership to root:root (as I did for bug31618_2.php, eg. as seen by http://www.ewu.edu/web/tools/bug31618_2.php): is_readable: /usr/share/pear/commonfile.php (true) TESTING Thus, the results are based on ownership of the calling php script, not the file attempting to be read, despite being in safe_mode_include_dir. Previous Comments: [2005-08-08 19:56:08] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with ?php and ends with ?, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. [2005-05-19 06:14:33] kibab at icehouse dot net From memory, all files were mode 664 and all directories had permissions of 775 being owned by root:root. However, I no longer have that same structure to prove that. If you like, I can setup an almost identical test case using the code that I included below (but using my new structure). [2005-05-17 17:18:48] [EMAIL PROTECTED] What are the permissions of all the directories in that path? (/var/lib/php_packages/) [2005-01-20 22:32:24] kibab at icehouse dot net Maybe this isn't directly related, but fopen($myfilename,r) also fails, even though include($myfilename) works. Again, $myfilename is in the safe_mode_include_dir, so fopen should be able to open it. [2005-01-19 23:05:35] kibab at icehouse dot net Description: is_readable($myfilename) in the repro code returns true if the script calling it is owned by root, but false if it is owned by someone else. Permissions are: -rw-r--r--1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php drwxr-xr-x4 root root 4096 Jan 19 08:19 /var/lib/php_packages drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var drwxr-xr-x 20 root root 4096 Oct 29 09:48 / Relevant Settings: include_path = .:/var/lib/php_packages:/var/lib/php_packages/pear safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php_packages Reproduce code: --- test.php ### $myfilename = '/var/lib/php_packages/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } include($myfilename); ### test_templ2.php ### TESTING! Expected result: I would expect is_readable() to return true in both instances. The uid/gid check shouldn't matter despite safe mode, as the file is in safe_mode_include_dir, and even if it wasn't, the is_readable documentation says that it does NOT take into account
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: Ok. It says (see http://www.ewu.edu/web/tools/bug31618_3.php): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 687/694 is not allowed to access /usr/share/pear/commonfile.php owned by uid/gid 0/0 in /var/www/sites/web/tools/bug31618_3.php on line 3 Warning: fopen(/usr/share/pear/commonfile.php) [function.fopen]: failed to open stream: Resource temporarily unavailable in /var/www/sites/web/tools/bug31618_3.php on line 3 Previous Comments: [2005-08-10 20:44:05] [EMAIL PROTECTED] Of course, I meant this: ?php $myfilename = '/usr/share/pear/commonfile.php'; fopen($myfilename, 'r'); ? [2005-08-10 20:36:39] [EMAIL PROTECTED] Could you plz also try this: ?php fopen($myfilename, 'r'); ? And post the error message here. Thanks. [2005-08-10 20:24:48] kibab at icehouse dot net Ok, here's a new complete example for you. First, we need to do some setup as this is based on permissions, ownership, and safe mode: cd some directory in safe_mode_include_dir # note, I used cd /usr/share/pear echo TESTING commonfile.php chmod a+r commonfile.php Then: $ ls -l commonfile* -rw-rw-r--1 root root8 Aug 10 10:54 commonfile.php And, permissions on the source PHP file in use: $ ls -l bug31618.php -rw-rw-r--1 kpederson financialaid 576 Aug 10 10:50 bug31618.php I used the following relevant settings: $ grep -iE safe|include /etc/php.ini | grep -v ^; safe_mode = On safe_mode_gid = On safe_mode_include_dir = /usr/share/pear safe_mode_exec_dir = /usr/local/php_exe/bin safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH include_path = .:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure sql.safe_mode = Off Now, grab my PHP script from the following URL: http://www.ewu.edu/web/tools/bug31618.php.txt It's output looks like the following (as can be seen from http://www.ewu.edu/web/tools/bug31618.php): is_readable: /usr/share/pear/commonfile.php (false) TESTING Now, if I change the ownership to root:root (as I did for bug31618_2.php, eg. as seen by http://www.ewu.edu/web/tools/bug31618_2.php): is_readable: /usr/share/pear/commonfile.php (true) TESTING Thus, the results are based on ownership of the calling php script, not the file attempting to be read, despite being in safe_mode_include_dir. [2005-08-08 19:56:08] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with ?php and ends with ?, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. [2005-05-19 06:14:33] kibab at icehouse dot net From memory, all files were mode 664 and all directories had permissions of 775 being owned by root:root. However, I no longer have that same structure to prove that. If you like, I can setup an almost identical test case using the code that I included below (but using my new structure). The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment: From memory, all files were mode 664 and all directories had permissions of 775 being owned by root:root. However, I no longer have that same structure to prove that. If you like, I can setup an almost identical test case using the code that I included below (but using my new structure). Previous Comments: [2005-05-17 17:18:48] [EMAIL PROTECTED] What are the permissions of all the directories in that path? (/var/lib/php_packages/) [2005-01-20 22:32:24] kibab at icehouse dot net Maybe this isn't directly related, but fopen($myfilename,r) also fails, even though include($myfilename) works. Again, $myfilename is in the safe_mode_include_dir, so fopen should be able to open it. [2005-01-19 23:05:35] kibab at icehouse dot net Description: is_readable($myfilename) in the repro code returns true if the script calling it is owned by root, but false if it is owned by someone else. Permissions are: -rw-r--r--1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php drwxr-xr-x4 root root 4096 Jan 19 08:19 /var/lib/php_packages drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var drwxr-xr-x 20 root root 4096 Oct 29 09:48 / Relevant Settings: include_path = .:/var/lib/php_packages:/var/lib/php_packages/pear safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php_packages Reproduce code: --- test.php ### $myfilename = '/var/lib/php_packages/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } include($myfilename); ### test_templ2.php ### TESTING! Expected result: I would expect is_readable() to return true in both instances. The uid/gid check shouldn't matter despite safe mode, as the file is in safe_mode_include_dir, and even if it wasn't, the is_readable documentation says that it does NOT take into account safe_mode restrictions. Actual result: -- // When test.php has the following ownership: $ ls -l test.php -rw-rw-r--1 root root 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (true) TESTING! // When test.php has the following permissions: $ ls -l test.php -rw-rw-r--1 dschlegel79 undergradadmiss 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (false) TESTING! -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#30931 [Com]: is_writable() and is_readable() return false when access is permitted via ACL
ID: 30931 Comment by: kibab at icehouse dot net Reported By: bugzilla-php at bwurst dot org Status: No Feedback Bug Type: Filesystem function related Operating System: gentoo linux (kernel 2.6) PHP Version: 5.0.2 New Comment: This is not fixed yet as of Mar. 31 in the 5.0.4 release. Previous Comments: [2005-03-08 01:00:08] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to Open. [2005-02-28 21:21:59] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2004-11-29 17:26:56] bugzilla-php at bwurst dot org Description: PHP's is_readable() and is_writable() function report nonsense on ACLs... We have the following test case: A file containing ?php echo __FILE__.' is '.(is_readable(__FILE__) ? '' : 'NOT ').readable!br\n; echo __FILE__.' is '.(is_writable(__FILE__) ? '' : 'NOT ').writable!br\n; ? it's made accessible to the webserver via $ getfacl index.php # file: index.php # owner: someuser # group: webadm user::rw- user:apache:rw- group::r-- mask::rw- other::--- So apache is neither the owner nor in the group but it's accessible through ACL. If I call this file via the webserver, I get /srv/http/[...]/test/index.php is NOT readable! /srv/http/[...]/test/index.php is NOT writable! [...] has been inserted by me, of course. This method works perfectly, the webserver (and also PHP) *can* read and write the file but the is_readable() and is_writable() return wrong values. It really seems like bug #14923, but that one's fixed after php-4.1.0. Also it's CLOSED, so I cannot add a comment there. :-( -- Edit this bug report at http://bugs.php.net/?id=30931edit=1
#31618 [Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: A bit more information. I ran the compile command manually using gcc -E instead of libtool, and it turns out that xmlErrorPtr hasn't yet been defined at that point, which is why it's dieing. Also, I grepped for it but it's not present: $ pwd /usr/include/libxml2 $ grep -rni xmlError * libxml/globals.h:17:#include libxml/xmlerror.h Per {acinclude,aclocal}.m4, libxml2 version 2.5.10 is required, but I have that installed I'll keep investigating... thanks. Previous Comments: [2005-03-09 16:42:44] kibab at icehouse dot net Configure options listed below. It's basically a mirror of the standard PHP-4 Redhat options adapted for PHP-5, with a couple of extra options I added in. ./configure '--host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=./config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-dom=/usr' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-discard-path' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--without-oci8' '--with-pear=/usr/share/pear' '--with-imap=/usr' '--with-imap-ssl' '--with-kerberos=/usr/kerberos' '--with-ldap=/usr' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-pgsql=/usr' '--with-unixODBC=/usr' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-versioning' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--with-apxs2filter=/usr/sbin/apxs' '--with-xsl=/usr' '--with-mysqli=/usr/bin/mysql_config' In terms of what libxml I'm running (from rpm -qa | grep -i libxml): libxml2-2.5.10-7 libxml2-devel-2.5.10-7 libxml-1.8.17-9.2 As a side note, I haven't had any problems compiling PHP-5.0.1 through PHP-5.0.3 using the above configure line nor the version of libxml2 that I have been running (it might have changed a bit over time because of up2date, but it hasn't been that dramatic a change). [2005-03-09 00:58:42] [EMAIL PROTECTED] What libxml2 version do you have installed? What configure options did you use? [2005-03-09 00:47:17] kibab at icehouse dot net I tried and it didn't compile: [EMAIL PROTECTED] php5-200503082130***]$ make /bin/sh /root/builds/php5-200503082130/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/libxml/ -I/root/builds/php5-200503082130/ext/libxml/ -DPHP_ATOM_INC -I/root/builds/php5-200503082130/include -I/root/builds/php5-200503082130/main -I/root/builds/php5-200503082130 -I/root/builds/php5-200503082130/Zend -I/usr/include/libxml2 -I/usr/kerberos/include -I/usr/include/freetype2 -I/usr/include/imap -I/root/builds/php5-200503082130/ext/mbstring/oniguruma -I/root/builds/php5-200503082130/ext/mbstring/libmbfl -I/root/builds/php5-200503082130/ext/mbstring/libmbfl/mbfl -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include/pspell -I/root/builds/php5-200503082130/TSRM -g-O2 -prefer-non-pic -c /root/builds/php5-200503082130/ext/libxml/libxml.c -o ext/libxml/libxml.lo /root/builds/php5-200503082130/ext/libxml/libxml.c:337: syntax error before error /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `_php_libxml_free_error': /root/builds/php5-200503082130/ext/libxml/libxml.c:339: `error' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:339: (Each undeclared identifier is reported only once /root/builds/php5-200503082130/ext/libxml/libxml.c
#31618 [Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: Ok. It turns out xmlErrorPtr (and all the other changes) are associated with libxml2 version 2.6.X. So, the docs are wrong now, assuming the upgrade was intended. I guess my RPM's are no longer sufficient. acinclude.m4, aclocal.m4, and configure all mention 2.5.10. However, ext/xml/xml.c has a reference to php_error_docref() that mentions upgrading to libxml2 version 2.6. So, libxml2 version 2.6 is the official requirement now? Previous Comments: [2005-03-09 18:16:01] kibab at icehouse dot net A bit more information. I ran the compile command manually using gcc -E instead of libtool, and it turns out that xmlErrorPtr hasn't yet been defined at that point, which is why it's dieing. Also, I grepped for it but it's not present: $ pwd /usr/include/libxml2 $ grep -rni xmlError * libxml/globals.h:17:#include libxml/xmlerror.h Per {acinclude,aclocal}.m4, libxml2 version 2.5.10 is required, but I have that installed I'll keep investigating... thanks. [2005-03-09 16:42:44] kibab at icehouse dot net Configure options listed below. It's basically a mirror of the standard PHP-4 Redhat options adapted for PHP-5, with a couple of extra options I added in. ./configure '--host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=./config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-dom=/usr' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-discard-path' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--without-oci8' '--with-pear=/usr/share/pear' '--with-imap=/usr' '--with-imap-ssl' '--with-kerberos=/usr/kerberos' '--with-ldap=/usr' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-pgsql=/usr' '--with-unixODBC=/usr' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-versioning' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--with-apxs2filter=/usr/sbin/apxs' '--with-xsl=/usr' '--with-mysqli=/usr/bin/mysql_config' In terms of what libxml I'm running (from rpm -qa | grep -i libxml): libxml2-2.5.10-7 libxml2-devel-2.5.10-7 libxml-1.8.17-9.2 As a side note, I haven't had any problems compiling PHP-5.0.1 through PHP-5.0.3 using the above configure line nor the version of libxml2 that I have been running (it might have changed a bit over time because of up2date, but it hasn't been that dramatic a change). [2005-03-09 00:58:42] [EMAIL PROTECTED] What libxml2 version do you have installed? What configure options did you use? [2005-03-09 00:47:17] kibab at icehouse dot net I tried and it didn't compile: [EMAIL PROTECTED] php5-200503082130***]$ make /bin/sh /root/builds/php5-200503082130/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/libxml/ -I/root/builds/php5-200503082130/ext/libxml/ -DPHP_ATOM_INC -I/root/builds/php5-200503082130/include -I/root/builds/php5-200503082130/main -I/root/builds/php5-200503082130 -I/root/builds/php5-200503082130/Zend -I/usr/include/libxml2 -I/usr/kerberos/include -I/usr/include/freetype2 -I/usr/include/imap -I/root/builds/php5-200503082130/ext/mbstring/oniguruma -I/root/builds/php5-200503082130/ext/mbstring/libmbfl -I/root/builds/php5-200503082130/ext/mbstring/libmbfl/mbfl -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include/pspell -I/root/builds
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: Configure options listed below. It's basically a mirror of the standard PHP-4 Redhat options adapted for PHP-5, with a couple of extra options I added in. ./configure '--host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=./config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-dom=/usr' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-discard-path' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--without-oci8' '--with-pear=/usr/share/pear' '--with-imap=/usr' '--with-imap-ssl' '--with-kerberos=/usr/kerberos' '--with-ldap=/usr' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-pgsql=/usr' '--with-unixODBC=/usr' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-versioning' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--with-apxs2filter=/usr/sbin/apxs' '--with-xsl=/usr' '--with-mysqli=/usr/bin/mysql_config' In terms of what libxml I'm running (from rpm -qa | grep -i libxml): libxml2-2.5.10-7 libxml2-devel-2.5.10-7 libxml-1.8.17-9.2 As a side note, I haven't had any problems compiling PHP-5.0.1 through PHP-5.0.3 using the above configure line nor the version of libxml2 that I have been running (it might have changed a bit over time because of up2date, but it hasn't been that dramatic a change). Previous Comments: [2005-03-09 00:58:42] [EMAIL PROTECTED] What libxml2 version do you have installed? What configure options did you use? [2005-03-09 00:47:17] kibab at icehouse dot net I tried and it didn't compile: [EMAIL PROTECTED] php5-200503082130***]$ make /bin/sh /root/builds/php5-200503082130/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/libxml/ -I/root/builds/php5-200503082130/ext/libxml/ -DPHP_ATOM_INC -I/root/builds/php5-200503082130/include -I/root/builds/php5-200503082130/main -I/root/builds/php5-200503082130 -I/root/builds/php5-200503082130/Zend -I/usr/include/libxml2 -I/usr/kerberos/include -I/usr/include/freetype2 -I/usr/include/imap -I/root/builds/php5-200503082130/ext/mbstring/oniguruma -I/root/builds/php5-200503082130/ext/mbstring/libmbfl -I/root/builds/php5-200503082130/ext/mbstring/libmbfl/mbfl -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include/pspell -I/root/builds/php5-200503082130/TSRM -g-O2 -prefer-non-pic -c /root/builds/php5-200503082130/ext/libxml/libxml.c -o ext/libxml/libxml.lo /root/builds/php5-200503082130/ext/libxml/libxml.c:337: syntax error before error /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `_php_libxml_free_error': /root/builds/php5-200503082130/ext/libxml/libxml.c:339: `error' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:339: (Each undeclared identifier is reported only once /root/builds/php5-200503082130/ext/libxml/libxml.c:339: for each function it appears in.) /root/builds/php5-200503082130/ext/libxml/libxml.c: At top level: /root/builds/php5-200503082130/ext/libxml/libxml.c:343: syntax error before error /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `_php_list_set_error_structure': /root/builds/php5-200503082130/ext/libxml/libxml.c:345: `xmlError' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:345: syntax error before error_copy /root/builds/php5-200503082130/ext/libxml/libxml.c:350: `error_copy' undeclared (first use
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: Ok. I installed libxml2-2.6.16 and compiled both. STABLE snapshot from last night compiles fine and links to the new libxml2. UNSTABLE fails linking: ... ext/libxml/libxml.lo(.text+0x362): In function `_php_libxml_free_error': /root/builds/php5-200503091530/ext/libxml/libxml.c:339: undefined reference to `xmlResetError' ext/libxml/libxml.lo(.text+0x394): In function `_php_list_set_error_structure': /root/builds/php5-200503091530/ext/libxml/libxml.c:353: undefined reference to `xmlCopyError' ext/libxml/libxml.lo(.text+0xa1e): In function `zm_deactivate_libxml': So, I could only try it out on the new STABLE snapshot, and the behavior is NOT fixed. Also, an almost identical situation comes up with the following test case (nearly identical to my first one): $myfilename = '/var/lib/php/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } //include($myfilename); $res = fopen($myfilename,'r'); echo res: $resbr; $text = fgets($res, 4096); echo $text This results in: Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 49/49 is not allowed to access /var/lib/php/test_templ2.php owned by uid/gid 0/0 in /var/www/sites/devel/test.php on line 10 Warning: fopen(/var/lib/php/test_templ2.php) [function.fopen]: failed to open stream: Success in /var/www/sites/devel/test.php on line 10 ... Thus, fopen also has the same type of problem. As you can see below, safe_mode_include_dir is set to /var/lib/php, as referenced in the above error message. // php.ini settings $ cat /etc/php.ini | grep -i safe_mode safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php ... Previous Comments: [2005-03-09 21:42:46] [EMAIL PROTECTED] Try this snapshot too, from the PHP 5_0 branch: http://snaps.php.net/php5-STABLE-latest.tar.gz [2005-03-09 19:32:42] kibab at icehouse dot net Ok. It turns out xmlErrorPtr (and all the other changes) are associated with libxml2 version 2.6.X. So, the docs are wrong now, assuming the upgrade was intended. I guess my RPM's are no longer sufficient. acinclude.m4, aclocal.m4, and configure all mention 2.5.10. However, ext/xml/xml.c has a reference to php_error_docref() that mentions upgrading to libxml2 version 2.6. So, libxml2 version 2.6 is the official requirement now? [2005-03-09 18:16:01] kibab at icehouse dot net A bit more information. I ran the compile command manually using gcc -E instead of libtool, and it turns out that xmlErrorPtr hasn't yet been defined at that point, which is why it's dieing. Also, I grepped for it but it's not present: $ pwd /usr/include/libxml2 $ grep -rni xmlError * libxml/globals.h:17:#include libxml/xmlerror.h Per {acinclude,aclocal}.m4, libxml2 version 2.5.10 is required, but I have that installed I'll keep investigating... thanks. [2005-03-09 16:42:44] kibab at icehouse dot net Configure options listed below. It's basically a mirror of the standard PHP-4 Redhat options adapted for PHP-5, with a couple of extra options I added in. ./configure '--host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=./config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-dom=/usr' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif
#31618 [Fbk-Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net -Status: Feedback +Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: I tried and it didn't compile: [EMAIL PROTECTED] php5-200503082130***]$ make /bin/sh /root/builds/php5-200503082130/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/libxml/ -I/root/builds/php5-200503082130/ext/libxml/ -DPHP_ATOM_INC -I/root/builds/php5-200503082130/include -I/root/builds/php5-200503082130/main -I/root/builds/php5-200503082130 -I/root/builds/php5-200503082130/Zend -I/usr/include/libxml2 -I/usr/kerberos/include -I/usr/include/freetype2 -I/usr/include/imap -I/root/builds/php5-200503082130/ext/mbstring/oniguruma -I/root/builds/php5-200503082130/ext/mbstring/libmbfl -I/root/builds/php5-200503082130/ext/mbstring/libmbfl/mbfl -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include/pspell -I/root/builds/php5-200503082130/TSRM -g-O2 -prefer-non-pic -c /root/builds/php5-200503082130/ext/libxml/libxml.c -o ext/libxml/libxml.lo /root/builds/php5-200503082130/ext/libxml/libxml.c:337: syntax error before error /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `_php_libxml_free_error': /root/builds/php5-200503082130/ext/libxml/libxml.c:339: `error' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:339: (Each undeclared identifier is reported only once /root/builds/php5-200503082130/ext/libxml/libxml.c:339: for each function it appears in.) /root/builds/php5-200503082130/ext/libxml/libxml.c: At top level: /root/builds/php5-200503082130/ext/libxml/libxml.c:343: syntax error before error /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `_php_list_set_error_structure': /root/builds/php5-200503082130/ext/libxml/libxml.c:345: `xmlError' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:345: syntax error before error_copy /root/builds/php5-200503082130/ext/libxml/libxml.c:350: `error_copy' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:352: `error' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:357: `XML_ERR_ERROR' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c:363: `msg' undeclared (first use in this function) /root/builds/php5-200503082130/ext/libxml/libxml.c: At top level: /root/builds/php5-200503082130/ext/libxml/libxml.c:455: syntax error before xmlErrorPtr /root/builds/php5-200503082130/ext/libxml/libxml.c: In function `php_libxml_structured_error_handler': /root/builds/php5-200503082130/ext/libxml/libxml.c:457: `error' undeclared (first use in this function) make: *** [ext/libxml/libxml.lo] Error 1 I'll try the next few snapshots until one of them compiles and then provide feedback. Thanks. Previous Comments: [2005-02-28 20:59:48] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2005-01-20 22:32:24] kibab at icehouse dot net Maybe this isn't directly related, but fopen($myfilename,r) also fails, even though include($myfilename) works. Again, $myfilename is in the safe_mode_include_dir, so fopen should be able to open it. [2005-01-19 23:05:35] kibab at icehouse dot net Description: is_readable($myfilename) in the repro code returns true if the script calling it is owned by root, but false if it is owned by someone else. Permissions are: -rw-r--r--1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php drwxr-xr-x4 root root 4096 Jan 19 08:19 /var/lib/php_packages drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var drwxr-xr-x 20 root root 4096 Oct 29 09:48 / Relevant Settings: include_path = .:/var/lib/php_packages:/var/lib/php_packages/pear safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php_packages Reproduce code: --- test.php ### $myfilename = '/var/lib/php_packages/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } include($myfilename); ### test_templ2.php ### TESTING! Expected result: I would expect is_readable() to return true
#31618 [Opn]: is_readable() results based on ownership of calling script, not file
ID: 31618 User updated by: kibab at icehouse dot net Reported By: kibab at icehouse dot net Status: Open Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5.0.3 New Comment: Maybe this isn't directly related, but fopen($myfilename,r) also fails, even though include($myfilename) works. Again, $myfilename is in the safe_mode_include_dir, so fopen should be able to open it. Previous Comments: [2005-01-19 23:05:35] kibab at icehouse dot net Description: is_readable($myfilename) in the repro code returns true if the script calling it is owned by root, but false if it is owned by someone else. Permissions are: -rw-r--r--1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php drwxr-xr-x4 root root 4096 Jan 19 08:19 /var/lib/php_packages drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var drwxr-xr-x 20 root root 4096 Oct 29 09:48 / Relevant Settings: include_path = .:/var/lib/php_packages:/var/lib/php_packages/pear safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php_packages Reproduce code: --- test.php ### $myfilename = '/var/lib/php_packages/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } include($myfilename); ### test_templ2.php ### TESTING! Expected result: I would expect is_readable() to return true in both instances. The uid/gid check shouldn't matter despite safe mode, as the file is in safe_mode_include_dir, and even if it wasn't, the is_readable documentation says that it does NOT take into account safe_mode restrictions. Actual result: -- // When test.php has the following ownership: $ ls -l test.php -rw-rw-r--1 root root 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (true) TESTING! // When test.php has the following permissions: $ ls -l test.php -rw-rw-r--1 dschlegel79 undergradadmiss 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (false) TESTING! -- Edit this bug report at http://bugs.php.net/?id=31618edit=1
#31618 [NEW]: is_readable() results based on ownership of calling script, not file
From: kibab at icehouse dot net Operating system: redhat enterprise PHP version: 5.0.3 PHP Bug Type: Filesystem function related Bug description: is_readable() results based on ownership of calling script, not file Description: is_readable($myfilename) in the repro code returns true if the script calling it is owned by root, but false if it is owned by someone else. Permissions are: -rw-r--r--1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php drwxr-xr-x4 root root 4096 Jan 19 08:19 /var/lib/php_packages drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var drwxr-xr-x 20 root root 4096 Oct 29 09:48 / Relevant Settings: include_path = .:/var/lib/php_packages:/var/lib/php_packages/pear safe_mode = On safe_mode_gid = On safe_mode_include_dir = /var/lib/php_packages Reproduce code: --- test.php ### $myfilename = '/var/lib/php_packages/test_templ2.php'; if (is_readable($myfilename)) { echo is_readable: $myfilename (true)br; } else { echo is_readable: $myfilename (false)br; } include($myfilename); ### test_templ2.php ### TESTING! Expected result: I would expect is_readable() to return true in both instances. The uid/gid check shouldn't matter despite safe mode, as the file is in safe_mode_include_dir, and even if it wasn't, the is_readable documentation says that it does NOT take into account safe_mode restrictions. Actual result: -- // When test.php has the following ownership: $ ls -l test.php -rw-rw-r--1 root root 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (true) TESTING! // When test.php has the following permissions: $ ls -l test.php -rw-rw-r--1 dschlegel79 undergradadmiss 278 Jan 19 13:16 test.php // I get the following output: is_readable: /var/lib/php_packages/test_templ2.php (false) TESTING! -- Edit bug report at http://bugs.php.net/?id=31618edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=31618r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=31618r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=31618r=trysnapshot51 Fixed in CVS:http://bugs.php.net/fix.php?id=31618r=fixedcvs Fixed in release:http://bugs.php.net/fix.php?id=31618r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=31618r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=31618r=needscript Try newer version: http://bugs.php.net/fix.php?id=31618r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=31618r=support Expected behavior: http://bugs.php.net/fix.php?id=31618r=notwrong Not enough info: http://bugs.php.net/fix.php?id=31618r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=31618r=submittedtwice register_globals:http://bugs.php.net/fix.php?id=31618r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=31618r=php3 Daylight Savings:http://bugs.php.net/fix.php?id=31618r=dst IIS Stability: http://bugs.php.net/fix.php?id=31618r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=31618r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=31618r=float No Zend Extensions: http://bugs.php.net/fix.php?id=31618r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=31618r=mysqlcfg