From d6dfca1b80a9fd3a6d658501fbf2d2da80c6e6df Mon Sep 17 00:00:00 2001
From: Artem Manchenkov <artem@manchenkoff.me>
Date: Mon, 29 Aug 2022 09:18:59 +0200
Subject: [PATCH] Fix #16658: Fix file readability check on publishing assets
 by `yii\web\AssetManager`

---
 framework/CHANGELOG.md         | 1 +
 framework/web/AssetManager.php | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 2d7c2c49bb..6911ce0846 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,6 +4,7 @@ Yii Framework 2 Change Log
 2.0.47 under development
 ------------------------
 
+- Bug #16658: Fix file readability check on publishing assets by `yii\web\AssetManager` (manchenkoff)
 - Bug #15557: Fix empty fields exclusion in safe attributes of `yii\base\Model` (manchenkoff)
 - Bug #19508: Fix wrong selection for boolean attributes in GridView (alnidok)
 - Bug #19517: Fix regression in `CompositeAuth::authenticate()` introduced in #19418 (WinterSilence)
diff --git a/framework/web/AssetManager.php b/framework/web/AssetManager.php
index 40b68096e4..0ad3a21cc0 100644
--- a/framework/web/AssetManager.php
+++ b/framework/web/AssetManager.php
@@ -476,6 +476,10 @@ class AssetManager extends Component
             throw new InvalidArgumentException("The file or directory to be published does not exist: $path");
         }
 
+        if (!is_readable($path)) {
+            throw new InvalidArgumentException("The file or directory to be published is not readable: $path");
+        }
+
         if (is_file($src)) {
             return $this->_published[$path] = $this->publishFile($src);
         }