php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42825 upload_tmp_dir wrong with authentication on
Submitted: 2007-10-02 09:46 UTC Modified: 2007-10-10 01:00 UTC
From: christopher dot graham at digforfire dot co dot uk Assigned:
Status: No Feedback Package: CGI/CLI related
PHP Version: 5.2.4 OS: Windows Server 2003
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: christopher dot graham at digforfire dot co dot uk
New email:
PHP Version: OS:

 

 [2007-10-02 09:46 UTC] christopher dot graham at digforfire dot co dot uk
Description:
------------
If we turn off 'Anonymous Access' for a domain on IIS (so we have to log in via HTTP-auth), we find that file uploads are saved under a path other than what upload_tmp_dir specifies.
This is likely somehow related to how the CGI process will be executed under a different username to usual.
phpinfo returns the correct upload_tmp_dir even though the tmp files are not actually put there; I tested this on the same page request as seeing the tmp path as being incorrect.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-02 11:17 UTC] jani@php.net
You give very little info how you've setup PHP but I'm guessing it's under IIS as CGI (or FastCGI?) ? If it's CGI/FastCGI, plase change the category accordingly. The "IIS Related" is for the ISAPI SAPI.
 [2007-10-02 11:57 UTC] christopher dot graham at digforfire dot co dot uk
It's a standard CGI install of the latest PHP maintenance release, on IIS (Windows Server 2003).
The authentication involved on this domain is standard IIS installation that happens when 'Anonymous Access' is turned off (i.e. you log in, via HTTPauth, using the credentials of a valid system user - PHP then runs as that user).
 [2007-10-02 12:23 UTC] tony2001@php.net
>This is likely somehow related to how the CGI process will be
>executed under a different username to usual.

So it's just a permissions issue, isn't it?

>phpinfo returns the correct upload_tmp_dir even though the tmp files 
>are not actually put there; I tested this on the same page request as 
>seeing the tmp path as being incorrect.

Well, if it can't put the files there because of wrong permissions, what would you expect it to do?
 [2007-10-02 12:38 UTC] christopher dot graham at digforfire dot co dot uk
I've just tested and I was able to write into this directory from the same HTTPauth user that I've been having the problem with.

I think your question was rhetorical, but even so, I would think something like a PHP_NOTICE would help. If not this at least some kind of feedback from PHP would be helpful IMHO, to be able to trace the problem rather than guess at potential causes.
I'm just trying to be helpful here and get the information to help the problem be fixed in case others stumble upon it.
 [2007-10-02 14:28 UTC] jani@php.net
I think it actually does already have such notice if tmpdir is not writable. Make sure you have error_reporting/display_errors setup so that you can see all errors.
 [2007-10-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 03:01:28 2024 UTC