Ticket #1670 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

PHP applications with use of realpath malfunction when they upgrade to PHP 5.2.4 (included in Ubuntu 8.04 LTS)

Reported by: zbateson Assigned to: demian
Priority: normal Milestone: 0.6.6
Component: not categorised Severity: verified
Keywords: realpath, ubuntu, compatibility Cc:

Description

Depending on the platform, realpath may not return false if the file doesn't exist. This would cause requests with invalid module names to produce error messages for me locally when Seagull tries to copy a non-existent config file. But when deployed, the server's implementation of realpath would return false for non-existent files, SGL_ERROR_RESOURCENOTFOUND would be set, and the default module would be loaded with a 404 returned from SGL_Manager. I'm assuming that is the correct behaviour... and modified SGL_Config and SGL_UrlParser_SefStrategy to check both the return value of realpath, and file_exists.

There seems to be some discrepancy as to when realpath actually does return false. According to the PHP docs, BSD systems realpath doesn't fail if only the last path component doesn't exist... but I'm on a GNU Linux system, and it doesn't fail even though the last two parts don't exist. Looking at man pages didn't give any definite answers... they all seem to indicate failure

In any case, PHP calls realpath on whatever system you're using... and the implementation may differ across systems.

Attachments

realpath.patch (1.1 kB) - added by zbateson on 08/19/08 00:10:53.

Change History

08/19/08 00:10:53 changed by zbateson

  • attachment realpath.patch added.

08/19/08 00:22:58 changed by zbateson

  • severity changed from open to need feedback.

08/19/08 09:33:35 changed by rungss

  • keywords changed from realpath to realpath, ubuntu, compatibility.
  • component changed from SGL to not categorised.
  • severity changed from need feedback to verified.
  • summary changed from realpath doesn't always return false if file doesn't exist to PHP applications with use of realpath malfunction when they upgrade to PHP 5.2.4 (included in Ubuntu 8.04 LTS).

Some users will notice that PHP applications malfunction when they upgrade to PHP 5.2.4 (included in Ubuntu 8.04 LTS) because realpath returns true for files that don't exist.

This is due to the inclusion of the Hardened-PHP Project's Suhosin Patch in many distributions by default. This patch replaces PHPs realpath function with the BSD implementation, which ignores the last path component.

The workaround is to use the file_exists function to verify that the file exists before using realpath to get its real path string.

e.g: instead of:

<?php

if (realpath($path)) {

$path = realpath($path);

} else {

throw new Exception('Path not found!');

} ?>

Do this:

<?php

if (file_exists($path)) {

$path = realpath($path);

} else {

throw new Exception('Path not found!');

} ?> Reference: http://in.php.net/manual/en/function.realpath.php#82770 I use Ubuntu 8.04 LTS in my workstation and I first saw the Problem in the tinyfck in my local machine.

The file www/tinyfck/tiny_mce_gzip.php

I changed the code to the following:

    // Load all plugins and their language packs
    $plugins = explode(",", $plugins);
    foreach ($plugins as $plugin) {
        $pluginFile = realpath("plugins/" . $plugin . "/editor_plugin" . $suffix . ".js");
        $languageFile = realpath("plugins/" . $plugin . "/langs/" . $lang . ".js");
        if ($pluginFile''' && is_file($pluginFile)''')
            TinyMCE_echo(file_get_contents($pluginFile));
        if ($languageFile''' && is_file($languageFile)''')
            TinyMCE_echo(file_get_contents($languageFile));
    }

Within Seagull and in a lot of other open source and all kinds of Projects a lot of code uses realpath to convert paths to real paths and to check (at the same time) if the file exists. This will not work in a System with the stated environment.

I am not sure how the whole PHP Community is going to deal with it. A lot of existing Systems won't work..

08/19/08 11:18:00 changed by demian

  • status changed from new to assigned.
  • milestone set to 0.6.6.

Interesting comments guys, i will post this to list and get some feedback

10/21/08 06:37:43 changed by demian

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [4180]) addressing realpath probs in php 5.2.4, fixes #1670