 |
 |
 |
 |
|
|
Date: 01/28/03
- Next message: corinl <email protected>: "[PHP-DOC] #21920 [NEW]: buggy example"
- Previous message: m.ford <email protected>: "[PHP-DOC] #21885 [Com]: move_uploaded_file error with open_basedir"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ID: 21885
Comment by: m.ford <email protected>
Reported By: mak77 <email protected>
Status: Open
Bug Type: Documentation problem
Operating System: Windows XP - IIS
PHP Version: 4.3.0
New Comment:
Sorry, Sniper, but I fail to see what #16128 has to do with this. That
report complained that open_basedir was not being applied to the
*destination* of a move_uploaded_file(); this one complains that it
*is* being applied to the *source* of a move_uploaded_file() -- that
is, the temporary copy of the uploaded file.
There is no obvious (to me) good reason why the open_basedir
restriction should be applied to the uploaded temp-file -- if there is,
it should be documented so we know what it is.
Cheers!
Previous Comments:
------------------------------------------------------------------------
[2003-01-28 03:03:53] mak77 <email protected>
thank you...
but adding a path to open basedir doesn't do the job
it continue to say
File(c:\temp\php-uploads\phpD.tmp) is not within the allowed path(s):
(.)
------------------------------------------------------------------------
[2003-01-28 02:21:49] philip <email protected>
Is upload_tmp_dir affected by these? In otherwords, does the
upload_tmp_dir need to be listed in open_basedir?
Where does safe_mode come into play?
Please provide some documentable information as neither of these bug
reports do. #16128 says it's fixed but what does that mean?
------------------------------------------------------------------------
[2003-01-27 23:27:16] sniper <email protected>
This was changed because of this bug:
http://bugs.php.net/bug.php?id=16128&edit=1
And it will stay. Reclassified as documentation prob.
------------------------------------------------------------------------
[2003-01-27 17:11:21] info <email protected>
yes - i have the same problem with php running as cgi in windows 2000
pro with IIS. it used to work just fine, but now with 4.3.0 i get the
same error. it seems like this is a bug, because the documentation
specifically says:
move_uploaded_file() is not affected by the normal safe-mode
UID-restrictions. This is not unsafe because move_uploaded_file() only
operates on files uploaded via PHP.
even though open_basedir is not safe_mode i think the same logic should
apply!
meanwhile i'll just add the temp dir to open_basedir is a quickfix.
------------------------------------------------------------------------
[2003-01-27 15:35:20] ryan <email protected>
Yeah this behavior has changed, it didn't do this in 4.2.3. It seems
like it *used to* bypass the open_basedir check when using
move_uploaded_file on a file in upload_tmp_dir. Or rather, it added
one's upload_tmp_dir to open_basedir automatically (bug 17488).
Could someone comment as to whether or not this is a permanent change,
and if so, perhaps document it somewhere on php.net?
(FreeBSD 4.6-STABLE Apache/1.3.27 PHP/4.3.0 apxs, safe_mode=Off)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/21885
-- Edit this bug report at http://bugs.php.net/?id=21885&edit=1-- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
- Next message: corinl <email protected>: "[PHP-DOC] #21920 [NEW]: buggy example"
- Previous message: m.ford <email protected>: "[PHP-DOC] #21885 [Com]: move_uploaded_file error with open_basedir"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]