PHP :: Bug #35877 :: new files can not be created in safe mode

Bug #35877

new files can not be created in safe mode

Submitted:

2006-01-03 04:21 UTC

Modified:

2006-01-11 01:00 UTC

Votes:	5
Avg. Score:	4.6 ± 0.8
Reproduced:	4 of 4 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (25.0%)

From:

kirils at r1g dot edu dot lv

Assigned:

Status:

No Feedback

Package:

Safe Mode/open_basedir

PHP Version:

4.4.1

OS:

Linux 2.4.32

Private report:

CVE-ID:

None

View Developer Edit

[2006-01-03 04:21 UTC] kirils at r1g dot edu dot lv

Description:
------------
if safe_mode on, and fopen, imagejpeg (to file) .. wants to 
write to file that does not exist the file DOES NOT GET CREATED (file/dir permissions OK), but an error gets displayed.

Warning: imagepng(): Unable to access img/test.png in /.../t.php on line 4

Warning: imagepng(): Invalid filename 'img/test.png' in /.../t.php on line 4

Reproduce code:
---------------
<?php
        $img = imagecreatefrompng('img/font.png');
        imagepng($img,'img/test.png') or die('wtf?');
        echo 'test';
?>

Expected result:
----------------
i expect img/test.png to be created and "test" displayed.

Actual result:
--------------
img/test.png does not get created.
imagecreatefrompng() works, but imagepng() fails ,dying with text "wtf?".

--
this code circumvents the bug:
<?php
        $img = imagecreatefrompng('img/font.png');
        touch('img/test.png');
        imagepng($img,'img/test.png') or die('wtf?');
        echo 'test';
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-01-03 21:36 UTC] sniper@php.net

1) that works fine for me.
2) you didn't explain at all how exactly you run the script
3) you haven't tried latest CVS snapshot

[2006-01-03 21:49 UTC] kirils at r1g dot edu dot lv

Thanks for your reply.
i'm running linux 2.4.32 with apache 1.3.34 installed. php is enabled as apache module.
the php file that generates errors is being accessed from the web.
directory structure follows:
./:
t.php  rwxrwxrwx user:web <-- file being accessed
img/  drwxrwxrwx user:web

img/:
[empty]

I've listed the file t.php above.

[2006-01-03 22:18 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2006-01-11 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2008-10-09 00:43 UTC] zackbeatty at gmail dot com

I have this same EXACT problem.   This is surprising, considering:
- I am using PHP Version 5.2.5
- There have been numerous claims that this was fixed in version 4, and most of the bug reports originate back in 2005 and 2006 (it's now 2008).

Furthermore, neither the touch() and fopen() workarounds work for me, as they seem to have worked for PHP4.

Any help would be appreciated.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 22:00:01 2025 UTC