Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP is_readable returns true for non-readable file

Tags:

php

file-permissions

getimagesize

I have an image processor PHP script, and it contains the following code:

        if (!is_dir($fullFile)) {
            if (is_readable($fullFile)) {
                $im = getimagesize($fullFile); // Will be FALSE if not an image

In some instances, the script will fail at getimagesize with the following error:

getimagesize(/path/to/file.jpg) [function.getimagesize]: failed to open stream: Permission denied at www.yada.yada/page.php

In this case, the permissions for /path/to/file.jpg are definitely prohibitive (400), so I'd have expected the is_readable test to prevent me getting to that point. Aside from setting permissions differently, what might I do in order to resolve this? Why does it seem that is_readable has an incorrect result? Is it possible that is_readable is operating with the EUID of the file owner, while getimagesize is not? That's the only explanation that makes sense to me, but even that knowledge doesn't help resolve.

Prompted by @hek2mgl I created this ultra-complex script, named readable.php:

<?php echo is_readable("/stora2/Pics/2009/2009-07-26/DSC00532.JPG") . "\n\n"; ?>

Then I switched user to the web server user (actually www-data on this server) and ran it. Result was

1

Then I ran strace as that same user. These are the commands I used. The result is a 70KB+ file, and SO won't let me post it in its entirety, so it is posted at http://pastebin.com/mFqiSBiz

dennis@luke:~$ sudo su - www-data

$ ls -l "/stora2/Pics/2009/2009-07-26/DSC00532.JPG"
-rw------- 1 dennis dennis 524288 2012-02-11 08:18 /stora2/Pics/2009/2009-07-26/DSC00532.JPG

$ file "/stora2/Pics/2009/2009-07-26/DSC00532.JPG"
/stora2/Pics/2009/2009-07-26/DSC00532.JPG: writable, regular file, no read permission

$ php /home/dennis/readable.php
1

$ strace php /home/dennis/readable.php > /tmp/strace.out 2>&1

Not sure what I'm looking for. Please advise.

like image 318
Dennis Avatar asked Nov 03 '22 07:11

Dennis

1 Answers

Depending on what version of php you are running, this could be a bug, as hek2mgl said in the comments. If you want to workaround this, you can add logic based on the file permissions, with fileperms

like image 88
Jormundir Avatar answered Nov 09 '22 14:11

Jormundir
Sign in to Comment

Related questions

files being transmitted with PHP cURL/FTP with zero bytes
Approximating an MVC using XSL, PHP, Perl, XML.
Prevent form fields from repopulating after clicking the back button
'The character encoding of the HTML document was not declared' issues
Can PHP ping a remote system without ICMP and without external programs?
Overriding methods in PHP?
Translating PHP to Python (Rest-API connection) [closed]
Add another item after every 10 in an array
file_get_contents appears to be caching, lock script issue
How to store configs?
ajax formdata append does not work for key value style
Setting a defined random order for an array in PHP
Web Service Proxy Generator In PHP Environment
avoid multiple if conditions [duplicate]
How to get device tokens
PDO and MySQL stored procedure. Not returning out param
displaying incorrect answer from options
ibase_connect: local computer host, can't figure out working path
Does SplObjectStorage leave memory leak references if it destructs while objects are still attached?
execute two shell commands in single exec php statement

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!