|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2004-11-29 01:29 UTC] himself at zhwau dot net
Description:
------------
When trying to POST upload a file with the proper <FORM> tag, including the proper enctype and all (but without size restriction with MAX_FILE_SIZE as in manual example), the receiving script defined in ACTION results in move_uploaded_file() returning TRUE even though the file wasn't moved at all.
Odd things happen when you try reloading the ACTION target page which makes Firefox repost the data - the second time around, the PHP script moves the file, even though it is assigned a different temp file name. Then everything works fine.
Could this be the result of a write-behind process for the filesystem which makes move_uploaded_file() return true even if it didn't move the actual file?
Reproduce code:
---------------
<?php
// The receiving script
$ime = $_FILES['slika']['name'];
if (move_uploaded_file($_FILES['slika']['tmp_name'], $ime)) {
// Here i execute the code responsible for handling the file
}
else {
// Report that the upload failed
}
?>
Expected result:
----------------
Should execute the 'ELSE' part of the sentence, since the move_upload_file() should return true in the case of a failed file move - unless it only detects whether or not the tmp_name file exists.
Actual result:
--------------
First time around, the move_uploaded_file() returns true (meaning the temp file exists) but the file isn't moved to $ime (i.e. the same dir where the script is executed).
If you reload the page (and repost the same data), the tmp_name changes while all stays the same and the file is successfully moved.
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Nov 07 07:00:02 2025 UTC |
The system the command was run on has the following configuration: - Athlon XP 2000+ 512MB RAM - Windows XP SP2 - Apache 2.0.52 - PHP 5.0.2 (running as Apache module, php5_module) The input form that sends the file via POST is as follows: <FORM enctype="multipart/form-data" action="vnos.php" method="post"> <INPUT type="file" name="slika" size=50> <INPUT type="submit" value="Poslji"> </FORM> The receiving page (vnos.php) contains the following code: <?php $ime = $_FILES['slika']['name']; $tmp = $_FILES['slika']['tmp_name']; if (move_uploaded_file($tmp, $ime)) { echo '<H2>File uploaded!'; } else { echo '<H2>Error during transfer.</H2>'; } ?> If you submit the file in the first file, move_uploaded_file in the second file (vnos.php) returns TRUE, but the file isn't moved. Also, the vardump on $_FILES does return the appropriate information about the contents and properties of the file submitted via POST. Using Firefox, if you reload the page and acknowledge resending the POSTDATA, then the script executes exactly the same, only this time, the file gets moved. I haven't tested subsequent reloads, but I'm assuming the file gets overwritten. In short - the function 'move_uploaded_file' does NOT move the file on the first run, but resubmitting the POST data makes the function work properly. The temp file directory resides in one of the subdirs on the root of the webserver, and the webserver has full access to any file or dir in the document root.I can also confirm that this is a problem in 5.2.0. I am using move_uploaded_file to move a file from /tmp/<tmpname> to <docroot>/worksheets/3.jpg On the initial upload, I get no openbase_dir message, and the file writes successfully and the function returns true (as I expected). On the second upload to the file (where the file exists already), I get an openbase_dir error message in the error log and the file does not write successfully, but the function still returns a true value anyway (not as expected). I have also witnessed a case where I get no openbase_dir message and the new file writes successfully. I verified this by checking the file size had changed between requests (as I had uploaded a different file), which it had. But I am now unable to reproduce that problem. In all cases however the function is returning true. I am using PHP 5.2.0 on Apache 2.0.59 on Linux 2.6.9-42.0.2.ELsmp i686 athlon i386 GNU/Linux. The permissions of the directory/file are clearly correct because the first upload is writing correctly. I have also verified the permissions independently by doing $h=fopen("$docroot/worksheets/3.jpg"); fwrite($h,"test"); fclose($h); The file is created and contains the line as expected. -------------------------------------------------------- In line with the guidelines, I have downloaded the latest build from CVS, and the following behaviour has changed. I now get an open_basedir warning message on the initial upload in the log, but the file is written anyway, and the function still returns true. the same behaviour persists with the second upload.I have created a simple test case: <html><body><form method='POST' action='testUpload.php' accept-charset="UTF-8" enctype="multipart/form-data"> <input type='hidden' name='MAX_FILE_SIZE' value="300000000"/> <input type='file' name='worksheet_new'/><br/> <input type='submit' value='submit'/> </body> </html> posts to <?php $location="<path to my directory>"; if (move_uploaded_file($_FILES['worksheet_new']['tmp_name'],$location)) { }oops - hit tab then space, so it submitted before I was done: if (move_uploaded_file($_FILES['worksheet_new']['tmp_name'],$location)) { echo "Success"; } else { echo "Failure"; } This prints the warning message, then "Success" when executed.