|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2011-10-17 15:28 UTC] jo at feuersee dot de
[2018-05-05 20:16 UTC] requinix@php.net
-Status: Open
+Status: Not a bug
[2018-05-05 20:16 UTC] requinix@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Dec 02 13:00:01 2025 UTC |
Description: ------------ I have several vhosts and I'd like to use the open_basedir setting for them. My PHP config is something like that: Directive | Local Value | Master Value [...] safe_mode | Off | Off safe_mode_exec_dir | /usr/local/php/bin | /usr/local/php/bin safe_mode_gid | Off | Off safe_mode_include_dir | no value | no value upload_tmp_dir | /tmp | /tmp open_basedir | /srv/www/vhosts/domain.tld/httpdocs;/tmp | no value [...] When I upload files, they do get in /tmp directory and have the privilege: -rw-r--r-- 1 wwwrun www 647585 30. Mai 15:43 demo.jpg The move_uploaded_file function with using absolute directories and correct paths (I proofed this) returns always false on my PHP 5.3.1 and PHP 5.3.2 compilation! The target directory has full rwx privileges for all user/group/others and there is not a filesystem privilege problem! The php log files are not very verbose, in fact, it tells me nothing about the failed movement (also tried with report_error = E_ALL). If I use rename instead of move_uploaded_file, PHP seems to move the file. Test script: --------------- // assumes the upload is successfully done (I can see the file in // in the filesystem with the privileges: -rw-r--r-- 1 wwwrun www). [...] if(move_uploaded_file("/tmp/silverstripe-cache-srv-www-vhosts-domain.tld-httpdocs-silverstripe-v2.4.0/demo.jpg", "/srv/www/vhosts/domain.tld/httpdocs/silverstripe-4.2.0/assets/Upload/demo.jpg")) { return true; } else { return false; } [...] Expected result: ---------------- I expect that the file can be moved with the move_uploaded_file from /tmp to the /srv/www/vhosts/domain.tld/httpdocs/silverstripe-4.2.0/assets/Upload by PHP (apache user wwwrun) which created the file in the directory /tmp as well (just a few seconds before). It should take care of the open_basedir setting. The target directory and also the source directory is specified in the open_basedir setting. Actual result: -------------- If I overwrite the open_basedir setting for the virtual host to "none", the upload and move_uploaded_file works fine: Directive | Local Value | Master Value open_basedir | no value | no value But it's not a pretty solution for me just to turn off this security feature! When I google I only find thousends of other people having problems with open_basedir. :-(