{
    "href": "/post/2016/11/30/php-ssh2-sftp-opendirreaddir-fix/",
    "relId": "2016/11/30/php-ssh2-sftp-opendirreaddir-fix",
    "title": "PHP ssh2.sftp opendir/readdir fix",
    "author": "pmjones",
    "markup": "html",
    "tags": [
        {
            "href": "/tag/php/",
            "relId": "php",
            "title": "PHP",
            "author": null,
            "created": null,
            "updated": [],
            "markup": "markdown"
        },
        {
            "href": "/tag/programming/",
            "relId": "programming",
            "title": "Programming",
            "author": null,
            "created": null,
            "updated": [],
            "markup": "markdown"
        }
    ],
    "created": "2016-11-30 15:39:19 UTC",
    "updated": [
        "2016-11-30 15:39:19 UTC"
    ],
    "html": "<p>This bug <a href=\"https://bugs.php.net/bug.php?id=73597\">https://bugs.php.net/bug.php?id=73597</a> related to the PECL ssh2 extension bit us yesterday, so this post is a public service announcement that will (hopefully) save you from writing your own workaround like I almost did.</p>\n<p>Problem: PHP 5.6.28 (and apparently 7.0.13) introduced a security fix to URL parsing, that caused the string interpolation of the $sftp resource handle to no-longer be recognized as a valid URL. In turn, that causes opendir(), readdir(), etc. to fail when you use an $sftp resource in the path string, after an upgrade to one of those PHP versions.</p>\n<p>Solution: Instead of using <code>\"ssh2.sftp://$sftp\"</code> as a stream path, convert $sftp to an integer like so: <code>\"ssh2.sftp://\" . intval($sftp) . \"/\"</code>. Then it will work just fine.</p>\n<p>Thanks to the people who fixed the URL parsing security flaw, thanks to the people who wrote the PECL ssh2 extension, and thanks to the people who provided the fix.</p>\n<p class=\"reddit-links\">Read the Reddit discussion about this post <a href=\"https://www.reddit.com/r/PHP/comments/5fq8mw/php_ssh2sftp_opendirreaddir_fix/\">here</a>.</p>\n"
}