Bug: Inaccurate path resolution in Boot

[sk757a]

PHP Version

8.3

CodeIgniter4 Version

4.5.5

CodeIgniter4 Installation Method

Composer (as dependency to an existing project)

Which operating systems have you tested for this bug?

Windows

Which server did you use?

cli

Database

No response

What happened?

spark prints "" and nothing else.

Steps to Reproduce

1. Set $writableDirectory in Paths to non-existent folder
2. Run spark

Expected Output

At least more meaningful error message.

Anything else?

When using the realpath function, if there is no actual path in the file system, false is returned. Which is then converted to an empty string when concatenated. The result path is pointing to the root.

[michalsn]

By default in the production environment errors are not displayed. Please set CI_ENVIRONMENT = development in the .env file to see the detailed error.

[sk757a]

I understand and know this, but what is the point of not showing error messages in the terminal? It turns out that the terminal user in the production environment must be either an attacker or a telepath. It is unclear and unfriendly in my opinion.

[sk757a]

By default in the production environment errors are not displayed. Please set CI_ENVIRONMENT = development in the .env file to see the detailed error.

I should have written about the environment, of course. My mistake.

[paulbalandan]

This seems to be an issue with display_errors again which is fixed in 4.6. If you have environment set to production and display_errors set to 1 in boot, errors will appear as usual.

[michalsn]

I don't believe that OP wants to change any settings to see errors in the cli.

[michalsn]

Oh... I just spotted the full description of the label I assigned to this issue, so I am removing it now.

While this may be inconvenient, we rely on the settings from the given environment to display errors.

[sk757a]

The problem is that there is one setting, but two interfaces - web and cli. The point of hiding the output of confidential information, in my opinion, exists only in the case of web. Okay, I get it. Thanks.

[michalsn]

Yes, I understand your point. But in some cases, this can be dangerous. We can't be sure what users will do with spark. It can be run via cron and log the output of the command - which would potentially expose sensitive details.

[sk757a]

I didn't think about the cron and now completely agree.
But from another point of view, a program in any environment should not silently fail. The user should be able to diagnose and to fix or report the problem. Usually in such situations, log file analysis helps, but ironically not in this case, because log file cannot be written. There is no error message, no entry in log file and no solution.

[kenjis]

@sk757a You could send a PR to check the real path in

CodeIgniter4/system/Boot.php

Line 199 in 539436f

define('WRITEPATH', realpath(rtrim($paths->writableDirectory, '\\/ ')) . DIRECTORY_SEPARATOR);

[kenjis]

@paulbalandan @michalsn This is a special case, because when $writableDirectory is wrong, CI4 cannot log errors.
So there is no clue to debug.
Therefore I think if a PR that checks WRITEPATH comes, we should accept it.

[michalsn]

Okay, let's reopen it then. What a rollercoaster 😅

[sk757a]

Thank you guys!