Closed demianturner closed 11 years ago
[rungss] '''Some users will notice that PHP applications malfunction when they upgrade to PHP 5.2.4 (included in Ubuntu 8.04 LTS) because realpath returns true for files that don't exist.'''
This is due to the inclusion of the Hardened-PHP Project's Suhosin Patch in many distributions by default. This patch replaces PHP's realpath function with the BSD implementation, which ignores the last path component.
The workaround is to use the file_exists function to verify that the file exists before using realpath to get its real path string.
e.g. instead of:
{{{
<?php
if (realpath($path)) {
    $path = realpath($path);
} else {
    throw new Exception('Path not found!');
}
?>
}}}
Do this:
{{{
<?php
if (file_exists($path)) {
    $path = realpath($path);
} else {
    throw new Exception('Path not found!');
}
?>
}}}
Reference: http://in.php.net/manual/en/function.realpath.php#82770
I use Ubuntu 8.04 LTS on my workstation and I first saw the problem in the tinyfck on my local machine.
The file www/tinyfck/tiny_mce_gzip.php
I changed the code to the following:
{{{
// Load all plugins and their language packs
$plugins = explode(",", $plugins);
foreach ($plugins as $plugin) {
    $pluginFile = realpath("plugins/" . $plugin . "/editor_plugin" . $suffix . ".js");
    $languageFile = realpath("plugins/" . $plugin . "/langs/" . $lang . ".js");

    // Added is_file() checks: realpath() alone may return a path for a missing file
    if ($pluginFile && is_file($pluginFile))
        TinyMCE_echo(file_get_contents($pluginFile));

    if ($languageFile && is_file($languageFile))
        TinyMCE_echo(file_get_contents($languageFile));
}
}}}
Within Seagull, and in a lot of other open source and all kinds of projects, a lot of code uses realpath to convert paths to real paths and to check (at the same time) if the file exists. This will not work in a system with the stated environment.
I am not sure how the whole PHP community is going to deal with it. A lot of existing systems won't work.
[demian] Interesting comments guys, I will post this to the list and get some feedback
[demian] (In [4180]) addressing realpath probs in php 5.2.4, fixes #1670
Depending on the platform, [http://www.php.net/realpath realpath] may not return false if the file doesn't exist. This would cause requests with invalid module names to produce error messages for me locally when Seagull tries to copy a non-existent config file. But when deployed, the server's implementation of realpath would return false for non-existent files, SGL_ERROR_RESOURCENOTFOUND would be set, and the default module would be loaded with a 404 returned from SGL_Manager. I'm assuming that is the correct behaviour... and modified SGL_Config and SGL_UrlParser_SefStrategy to check both the return value of realpath, and file_exists.
There seems to be some discrepancy as to when realpath actually does return false. According to the PHP docs, on BSD systems realpath doesn't fail if only the last path component doesn't exist... but I'm on a GNU Linux system, and it doesn't fail even though the last two parts don't exist. Looking at man pages didn't give any definite answers... they all seem to indicate failure.
In any case, PHP calls realpath on whatever system you're using... and the implementation may differ across systems.
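The approach discussed in this ticket (check both the return value of realpath and the existence of the target) can be wrapped in one helper. This is an added example, not code from the Seagull changeset or from TinyMCE; the function name `strict_realpath` and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Hypothetical helper (the name strict_realpath is an assumption, not Seagull code).
// Returns the canonical path only when the target really exists, otherwise false,
// so callers no longer depend on how the platform's realpath() treats missing
// trailing path components.
function strict_realpath($path, $mustBeFile = false)
{
    $resolved = realpath($path);
    if ($resolved === false) {
        return false; // this platform already reports the failure
    }
    // A non-false result is not proof of existence: check explicitly.
    $exists = $mustBeFile ? is_file($resolved) : file_exists($resolved);
    return $exists ? $resolved : false;
}

// Constructed sample layout in a temporary directory.
$base = sys_get_temp_dir() . '/realpath_demo_' . getmypid();
mkdir($base . '/plugins/table', 0700, true);
file_put_contents($base . '/plugins/table/editor_plugin.js', '// constructed');

$cases = array(
    'existing file'               => array('/plugins/table/editor_plugin.js', true),
    'missing last component'      => array('/plugins/table/missing.js', true),
    'missing last two components' => array('/plugins/nosuch/editor_plugin.js', true),
    'directory, file required'    => array('/plugins/table', true),
    'directory, anything allowed' => array('/plugins/table', false),
);
foreach ($cases as $label => $case) {
    list($relative, $mustBeFile) = $case;
    $raw    = realpath($base . $relative);               // platform-dependent
    $strict = strict_realpath($base . $relative, $mustBeFile);
    printf("%-28s realpath=%-5s strict=%s\n", $label,
        $raw === false ? 'false' : 'path',
        $strict === false ? 'false' : $strict);
}

// Remove the constructed files again.
unlink($base . '/plugins/table/editor_plugin.js');
rmdir($base . '/plugins/table');
rmdir($base . '/plugins');
rmdir($base);
```

The `realpath=` column shows what the local platform returns and may differ between systems; the `strict=` column is the same everywhere.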