PHP :: Bug #44562 :: upload_tmp_dir permissions failure

Bug #44562

upload_tmp_dir permissions failure

Submitted:

2008-03-28 22:14 UTC

Modified:

2008-10-25 13:24 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

nlgordon at gmail dot com

Assigned:

Status:

Not a bug

Package:

Safe Mode/open_basedir

PHP Version:

5.2.5

OS:

RHEL 4

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nlgordon at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2008-03-28 22:14 UTC] nlgordon at gmail dot com

Description:
------------
Given the following scenario:

open_basedir enabled to /var/www/foo
upload_tmp_dir set to /var/www/foo/tmpdir
No free file space to handle the upload in the temp dir specified.

Causes PHP to throw an error that doesn't make a lot of sense to my end users:

Warning: Unknown: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/foo/tmpdir) in Unknown on line 0

This makes things look like a permissions issue.  I have tracked down the source of the error to main/php_open_temporary_file.c:254  There is a comment there that if the first attempt fails, it will use the system temp dir.  While that might be fine on systems without open_basedir enabled, it can cause some confusing error messages otherwise.  The error message of "File upload error - unable to create a temporary file" is perfect for this error, and it does show up.  It just isn't the first or most noticeable error.

I notice that in the php_get_temporary_directory function (which is what determines /tmp as the temp dir) that there are options for changing this default.  I plan on setting TMPDIR per vhost as a work around, but this seems unnecessary as I already set upload_tmp_dir.

I'm not sure what the perfect answer to this is, but I'm not sure I agree with magically changing something I specifically set without telling me.  Some of the extremists might even label this a security issue.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-10-25 13:24 UTC] jani@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 05 10:01:33 2025 UTC