php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #6875 upload_tmp_dir in php.ini doesn't work in safe_mode
Submitted: 2000-09-24 23:14 UTC Modified: 2001-06-12 04:01 UTC
From: sintes at nfrance dot com Assigned:
Status: Duplicate Package: Feature/Change Request
PHP Version: 4.0.2 OS: Linux 2.2.17 / Open BSD 2.8
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sintes at nfrance dot com
New email:
PHP Version: OS:

 

 [2000-09-24 23:14 UTC] sintes at nfrance dot com 
Tested with:
--------------
  - php 4.0.2 on Linux 2.2.17
  - php 4.0.3RC1 on Linux 2.2.17
  - php 4.0.3RC1 on OpenBSD 2.7
  - php 4.0.3RC1 on OpenBSD 2.8 Snap

Work's fine with Php4.0.1pl2 on all operating system tested.

'./configure' '--with-pgsql=/usr/local' '--with-mysql=/usr/local' '--with-imagic'
 '--with-imap' '--enable-track-vars' '--enable-safe-mode' '--enable-memory-limit'
 '--enable-magic-quotes' '--enable-roxen-zts' '--with-gd=/usr/' '--with-t1lib'
  '--with-cpdflib' '--enable-ftp' '--enable-calendar' '--with-gdbm'
 '--enable-zlib=/usr/' '--with-gettext' '--with-mcrypt=/usr/local' '--with-xml'
 '--with-dom' '--with-swf' '--with-apache=/usr/local/src/apache_1.3.12'

Tried also with just the --enable-safe-mode option.
-----------------------------------------------------------

php.ini with all defaults except following:
  safe_mode               =       On
  safe_mode_exec_dir      =       "/safe-bin"
  safe_mode_allowed_env_vars = PHP_,HTTP_POST 
  upload_tmp_dir  = ./tmp-php/

The simple script:
---------------------

<form enctype="multipart/form-data" method="post" action="upload.php">
<input type="file" name="fichier">
<input type="submit">
</form> 

and upload.php
copy ("$fichier","upload/$fichier_name"); 

tmp-php and upload are in 777. Owner is the same that the file
upload.php3.

The script return the following
-----------------------------------

Warning SAFE MODE Restriction in effect. The script whose uid is 504 is not allowed to access /tmp/phpYmZddQ owned by uid 0 in
/home/dh/html/upload.php3 on line 8wing:

* Note that php try to access to /tmp/php* not to ./tmp-php/php*


phpinfo returns:
------------------

in configuration section:
----------------------------

upload_tmp_dir    ./tmp-php/   ./tmp-php/


But in PHP Variable section:
---------------------------------

PHP Variables

    Variable
                                                                            Value
    PHP_SELF
                                                    /upload.php3
    HTTP_POST_FILES["fichier"]
                                                    Array
                                                    (
                                                        [name] => toto
                                                        [type] => 
                                                        [tmp_name] => /tmp/phpYmZddQ
                                                        [size] => 469
                                                    )


It seems the problem occurs since the 
$HTTP_POST_FILES[filename][tmp_name] has been added.

* No problem with php4.0.1pl2.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-21 03:54 UTC] sniper@php.net 
Duplicate of #5575 (on one part of it).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 17:01:58 2024 UTC