PHP Australia Conference 2015

is_writable

(PHP 4, PHP 5)

is_writableDice se un file è scrivibile

Descrizione

bool is_writable ( string $filename )

Restituisce TRUE se filename esiste ed è scrivibile. L'argomento filename può essere un nome di directory che ti permetta di verificare se una directory è scrivibile.

Tieni presente che PHP può accedere al file con lo user id del web server (spesso 'nobody'). Non sono prese in considerazioni limitazioni di sicurezza.

Nota: I risultati di questa funzione saranno memorizzati. Vedere clearstatcache() per maggiori dettagli.

Suggerimento

A partire da PHP 5.0.0, questa funzione può essere utilizzata con alcuni URL wrappers. Fare riferimento a Supported Protocols and Wrappers per la lista di quali wrappers supportano le funzioni della famiglia stat().

Vedere anche is_readable(), file_exists() e fwrite().

add a note add a note

User Contributed Notes 11 notes

up
7
darek at fauxaddress dot com
8 years ago
It appears that is_writable() does not check full permissions of a file to determine whether the current user can write to it.  For example, with Apache running as user 'www', and a member of the group 'wheel', is_writable() returns false on a file like

-rwxrwxr-x           root         wheel          /etc/some.file
up
4
starrychloe at yahoo dot com
6 years ago
To Darek and F Dot: About group permissions, there is this note in the php.ini file:
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off
up
2
gr
3 years ago
The results of this function seems to be not cached :
Tested on linux and windows

<?php
chmod
($s_pathFichier, 0400);
echo
'<pre>';var_dump(is_writable($s_pathFichier));echo'</pre>';
chmod($s_pathFichier, 04600);
echo
'<pre>';var_dump(is_writable($s_pathFichier));echo'</pre>';
exit;
?>
up
1
agrenier at assertex dot com
10 years ago
This file_write() function will give $filename the write permission before writing $content to it.

Note that many servers do not allow file permissions to be changed by the PHP user.

<?php
   
function file_write($filename, &$content) {
        if (!
is_writable($filename)) {
            if (!
chmod($filename, 0666)) {
                 echo
"Cannot change the mode of file ($filename)";
                 exit;
            };
        }
        if (!
$fp = @fopen($filename, "w")) {
            echo
"Cannot open file ($filename)";
            exit;
        }
        if (
fwrite($fp, $content) === FALSE) {
            echo
"Cannot write to file ($filename)";
            exit;
        }
        if (!
fclose($fp)) {
            echo
"Cannot close file ($filename)";
            exit;
        }
    }
?>
up
2
JimmyNighthawk
9 years ago
Regarding you might recognize your files on your web contructed by your PHP-scripts are grouped as NOBODY you can avoid this problem by setting up an FTP-Connection ("ftp_connect", "ftp_raw", etc.) and use methods like "ftp_fput" to create these [instead of giving out rights so you can use the usual "unsecure" way]. This will give the files created not the GROUP NOBODY - it will give out the GROUP your FTP-Connection via your FTP-Program uses, too.

Furthermore you might want to hash the password for the FTP-Connection - then check out:
http://dev.mysql.com/doc/mysql/en/Password_hashing.html
up
1
greg at gregwhitescarver dotcalm
8 years ago
In response to Darek:

We have two servers: one running PHP 5.0.4 and Apache 1.3.33, the other running PHP 4.3.5 and Apache 1.3.27.  The PHP 4 server exhibits the behavior you are describing, with is_writable() returning 'false' even though the www user is in the group that owns the file, but the PHP 5 server is returning 'true.'
up
0
samuel dot zallocco at univaq dot it
2 months ago
Check if a directory is writable. Work also on mounted SMB shares:

function isWritablePath($home, $xpath) {
    $isOK = false;
    $path = trim($xpath);
    if ( ($path!="") && (strpos($path,$home)!==false)  && is_dir($path) && is_writable($path) ) {
        $tmpfile = "mPC_".uniqid(mt_rand()).'.writable';
        $fullpathname = str_replace('//','/',$path."/".$tmpfile);
        $fp = @fopen($fullpathname,"w");
        if ($fp !== false) {
            $isOK = true;
        }
        @fclose($fp);
        @unlink($fullpathname);
    }
    return $isOK;
   
}
up
0
yury dot gugnin at gmail dot com
6 months ago
function is_writable('ftp://user.....') always return false. I can create/delete files, but can check is writable. Is this bug or php feature :)?
up
0
legolas558 d0t users dot sf dot net
7 years ago
This is the latest version of is__writable() I could come up with.
It can accept files or folders, but folders should end with a trailing slash! The function attempts to actually write a file, so it will correctly return true when a file/folder can be written to when the user has ACL write access to it.

<?php
function is__writable($path) {
//will work in despite of Windows ACLs bug
//NOTE: use a trailing slash for folders!!!
//see http://bugs.php.net/bug.php?id=27609
//see http://bugs.php.net/bug.php?id=30931

   
if ($path{strlen($path)-1}=='/') // recursively return a temporary file path
       
return is__writable($path.uniqid(mt_rand()).'.tmp');
    else if (
is_dir($path))
        return
is__writable($path.'/'.uniqid(mt_rand()).'.tmp');
   
// check tmp file for read/write capabilities
   
$rm = file_exists($path);
   
$f = @fopen($path, 'a');
    if (
$f===false)
        return
false;
   
fclose($f);
    if (!
$rm)
       
unlink($path);
    return
true;
}
?>
up
0
legolas558 dot sourceforge comma net
8 years ago
Since looks like the Windows ACLs bug "wont fix" (see http://bugs.php.net/bug.php?id=27609) I propose this alternative function:

<?php

function is__writable($path) {

if (
$path{strlen($path)-1}=='/')
    return
is__writable($path.uniqid(mt_rand()).'.tmp');

if (
file_exists($path)) {
    if (!(
$f = @fopen($path, 'r+')))
        return
false;
   
fclose($f);
    return
true;
}

if (!(
$f = @fopen($path, 'w')))
    return
false;
fclose($f);
unlink($path);
return
true;
}

?>

It should work both on *nix and Windows

NOTE: you must use a trailing slash to identify a directory
up
0
claude dot paroz at ne dot ch
10 years ago
Under Windows, it only returns the read-only attribute status, not the actual permissions (ACL).
See http://bugs.php.net/bug.php?id=27609
To Top