Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
if you check a file location in a non-existing directory it won't return FALSE.
file_check_location('files/x.jpg', 'non-existing-directory');// returns the real file path. not false.
is this intended behaviour? should we check the directory before sending to this functon?
One more thing; if the file does not exist, it gets the realpath of dirname($file) and it does not check if the directory exists
file_check_location('non-existing-directory/www', '/www'); //again not return false
Comment | File | Size | Author |
---|---|---|---|
#16 | file_check_location_and_non_existing_directories_16.patch | 428 bytes | Varga Tamás |
#14 | file.inc-d6.patch | 298 bytes | praestigiare |
#13 | file.inc-d6.patch | 284 bytes | praestigiare |
#9 | file.patch | 1.76 KB | p.brouwers |
#4 | file.inc_.patch | 461 bytes | p.brouwers |
Comments
Comment #1
artifice CreditAttribution: artifice commentedRelates to: #261392: file_check_location() fails when file does not exist and #184992: file_check_location() doesn't actually do what is described and #48350: upload module puts tmp file but won't move file to final directory location
Comment #2
drewish CreditAttribution: drewish commentedwe ran into this trying to write unit tests for the hook_file patch (#142995: Add hook_file and make files into a 1st class Drupal object).
marked #261392: file_check_location() fails when file does not exist as a duplicate
Comment #3
drewish CreditAttribution: drewish commentedHere's the test we built for this bug:
I'm forking it from #308434: Clean up file.inc ahead of hook_file and add unit tests. so that all the tests committed will pass.
Comment #4
p.brouwers CreditAttribution: p.brouwers commentedMade a patch for it.
See http://drupal.org/node/339863 also for D5 patch
Comment #5
Dries CreditAttribution: Dries commenteddrewish's test is not included in the patch?
Comment #6
p.brouwers CreditAttribution: p.brouwers commentedI don't get it. Should it?
Seems to me that Drewish's patch is already commit, and this patch can still be applied to it.
Comment #7
drewish CreditAttribution: drewish commentedp.brouwers no you need to incorporate the test that i'd posted in #3
Comment #8
p.brouwers CreditAttribution: p.brouwers commentedah ok, will incorporate your test and submit a new patch
Comment #9
p.brouwers CreditAttribution: p.brouwers commentedok, added your test drewish and corrected the other tests to reflect the change to file_check_location()
Comment #10
lacasuela CreditAttribution: lacasuela commentedwhich file we must patch in drupal 6.8 and how?
Comment #11
sinasquax CreditAttribution: sinasquax commentedI'm ok with the patch #9, webform module use file_check_location with /webform/ path in his file_download hook but it doesn't create the webform folder in sites/default/files.
So i get many "realpath() open_basedir restriction in effect" warnings.
Comment #12
p.brouwers CreditAttribution: p.brouwers commentedWhat's the current status on this subject?
Comment #13
praestigiare CreditAttribution: praestigiare commentedI am not sure if this is the correct place to put this, so forgive me if I am making a mistake. I made a patch for Drupal 6, with a slight modification: On windows systems, running realpath() on non-existent directories can be very slow in some cases. To avoid this, I moved the is_dir() check to before the realpath() call.
Comment #14
praestigiare CreditAttribution: praestigiare commentedSorry - left out the directory info in the patch header.
Comment #15
Désiré CreditAttribution: Désiré commentedSince the file_check_location function is removed from Drupal 7 this bug was not fixed, but it still effects Drupal 6 sites.
Comment #16
Varga Tamás CreditAttribution: Varga Tamás commentedHere is a current patch for 6.x drupal core