php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32644 move_uploaded_file() relative path
Submitted: 2005-04-09 16:53 UTC Modified: 2005-04-11 17:34 UTC
From: tck at tcknetwork dot com Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 5.0.4 OS: WinXP(SP2)
Private report: No CVE-ID: None
 [2005-04-09 16:53 UTC] tck at tcknetwork dot com
Description:
------------
The move_uploaded_file() use the root of the hard disk in some special cases instead of using the relative path from the script.

So far require() is not affected by this problem. I think it is just this function that handles not properly the path.

Reproduce code:
---------------
My file system is built like this :
D:\Data (directory)
D:\Web\data (directory << note the ressemblance)
D:\Web\test\up.php (my script)

My script contains the following :
<?
 $f=$_FILES["myfile"]["tmp_name"];
 @move_uploaded_file($f,"../data/demo.jpg");
?>
<form enctype="multipart/form-data" method="post" action="<?=$_SERVER["PHP_SELF"]; ?>">
<input type="file" name="myfile">
<input type="submit" value="upload">
</form>

Expected result:
----------------
When I send a file, I expect it to be uploaded into 
dirname("D:\Web\test\up.php")."../data/demo.jpg"
it means "D:\Web\data\demo.jpg".

In fact when I submit a file with my script twice, the following happens :

1st submit : File uploaded into "D:\Data\demo.jpg"
(using the root instead of relative path)

2nd submit : File uploaded into "D:\Web\data\demo.jpg"
(working as expected only if the file "D:\Data\demo.jpg" exists)

Actual result:
--------------
Actually the PHP developer can fix this bug by changing the upload line
 @move_uploaded_file($f,"../data/demo.jpg");

by
 @move_uploaded_file($f,dirname($_SERVER["SCRIPT_FILENAME"])."/../data/demo.jpg");

note that if the directory D:\Data
does not exists, the function will place the file properly into D:\Web\data

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-09 17:17 UTC] tck at tcknetwork dot com
This happens both if I use zend optimizer or not (I doubted it could be a possible source of problems. Note as well that my Apache (2.0.53, using php as a module) root is on D:\Server if it may help.
 [2005-04-10 21:38 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

Also add this to be first line in your script handling the upload: error_reporting(E_ALL); ini_set('display_errors', 1);

 [2005-04-10 22:35 UTC] tck at tcknetwork dot com
As recommended, I upgraded to the 5.1.0-dev snapshot (php5ts.dll & php5apache2.dll) and deleted my php.ini to be sure there wouldn't be any misconfigured option.
On top of that I edited my script like this (I added all warnings as demanded and a little fix to avoid a warning message not related to the bug) :

<?
 error_reporting(E_ALL); ini_set('display_errors', 1);
 if (count($_FILES)) {
  $f=$_FILES["myfile"]["tmp_name"];
  if (move_uploaded_file($f,"../data/demo.jpg")) echo "up";
 }
?>
<form enctype="multipart/form-data" method="post" action="<?=$_SERVER["PHP_SELF"]; ?>">
 <input type="file" name="myfile"> <input type="submit" value="upload">
</form>

I tried to run my script twice (like before) but the problem remains exactely the same.
The hard disk root is still taken as the "current directory" instead of the script's directory.
I'm nearly sure that the bug happened when I upgraded from 5.0.3 to 5.0.4.

Does this bug come from a "default include directory" or something like that where the engine decide to go first ?
The most annoying is that once the file in D:\Data\demo.jpg exists, the function works as expected...
 [2005-04-10 22:45 UTC] tck at tcknetwork dot com
The next question will be probably "what if you dismiss the ../" ? The answer is that it works properly :

move_uploaded_file($_FILES["myfile"]["tmp_name"],"data/demo.jpg");

move properly the file into D:\Web\test\data, but the problem still remains if I have

move_uploaded_file($_FILES["myfile"]["tmp_name"],"../data/demo.jpg")

In fact the bug happen only if you go backward in the filesystem tree, no matter how deep you are (I tried from D:\Web\test\test\demo\up\up.php > D:\Web\test\test\demo\data but the file went still into D:\data)
 [2005-04-11 02:03 UTC] sniper@php.net
And you are aware that Apache does an internal 'cwd /' ?
(changes working directory to root)

 [2005-04-11 17:34 UTC] tck at tcknetwork dot com
Well, I tried with my apache configured with its root at C:\Server instead of D:\Server and it works fine there.
I suppose this is because in Windows if we want to change the drive we have first to type
$>D:[enter] 
$>cd \Server\

Then I suppose it is a apache-related bug. I will report it to them...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 15:01:28 2024 UTC