Hi all,
I'm afraid that recent changes in filestat.c [1] that were meant to fix
a bug [2] with file_exists() also altered the behaviour of
is_readable(). According to the docs [3] [4], is_readable should not
take safe_mode limitations into account, whereas file_exists should do.
<?php
print PHP_VERSION . "\n";
var_dump(ini_get('safe_mode'));
var_dump(file_exists('/etc/hosts'));
var_dump(is_readable('/etc/hosts'));
?>
mp@dev:~$ php bug.php
5.1.6
string(0) ""
bool(true)
bool(true)
mp@dev:~$ php -d safe_mode=1 bug.php
5.1.6
string(1) "1"
bool(false)
bool(false)
Is this intended behaviour? If not, I'd be glad to file it as a bug.
Kind regards,
mp.
[1] http://cvs.php.net/viewvc.cgi/php-src/ext/standard/filestat.c
[2] http://bugs.php.net/bug.php?id=37987
[3] http://de2.php.net/manual/en/function.is-readable.php
[4] http://de2.php.net/manual/en/function.file-exists.php
Matthias Pigulla wrote:
Hi all,
I'm afraid that recent changes in filestat.c [1] that were meant to fix
a bug [2] withfile_exists()also altered the behaviour of
is_readable(). According to the docs [3] [4], is_readable should not
take safe_mode limitations into account, whereas file_exists should do.
i dont think this is a recent change. i think its only an oversite in
the documentation.
regards,
Lukas
I think the current behavior solves made old bug reports, where by
people used is_readable() to see if they could read from a file, only
to have the operation file due to safe_mode/open_basedir
restrictions. Taking the check away would also mean it would be
possible to "explore" file file system bypassing PHP's file system
restrictions.
Ilia Alshanetsky