TYPO3 Core

Due to the way is_file() works it will always return false if the file is not owned by the user running the php script. This means in essense that if the file isnt owned by webserver user is_file() will always return false when testing for it..

Thus far I have found two issues regarding this;

First default_config.php is unable to detect localconf.php even if it is sitting there and is read and writeable by the webserver.

Second in the install script testing for ImageMagick executables always fails even if they are available. This can be worked around by setting the path manually in the all configurastion page and enabling IM.

My suggestion is that Typo3 considers a different testing mechanism when running under safemode, like actually executing the file in question or something similar. Perhaps reading a few bytes from the beginning of the file if that can be done. This is ofcourse more expensive in terms of cpu cycles, but makes typo3 alot more safemode friendly.

I believe this bug/flaw/limitation is valid in the latest release as of today.
(issue imported from #M4142)