PHP :: Bug #37236 :: move_uploaded_file() does not work when "upload_tmp

Bug #37236

move_uploaded_file() does not work when "upload_tmp_dir" is other fs than dest

Submitted:

2006-04-28 11:31 UTC

Modified:

2006-11-09 18:00 UTC

Votes:	22
Avg. Score:	4.9 ± 0.3
Reproduced:	19 of 19 (100.0%)
Same Version:	13 (68.4%)
Same OS:	10 (52.6%)

From:

youza at post dot cz

Assigned:

iliaa (profile)

Status:

Closed

Package:

*Directory/Filesystem functions

PHP Version:

5.1.4, 4.4.2

OS:

fedora core 4

Private report:

CVE-ID:

None

View Developer Edit

[2006-04-28 11:31 UTC] youza at post dot cz

Description:
------------
Function move_uploaded_file()  work fine in
php4-STABLE-200602010935.tar.gz

but not work in last php4-STABLE-200604281030.tar.gz
the code www page, directory structure and permission  and apache, configuration is the same.

Error message:

[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(): open_basedir restriction in effect. File(/tmp/php0FDyAV) is not within the allowed path(s): (/my/web/path) in /my/web/path/upload/upload.php on line 53
[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(/tmp/php0FDyAV): failed to open stream: Operation not permitted in /my/web/path/upload/upload.php on line 53
[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(): Unable to move '/tmp/php0FDyAV' to 'upload/php0FDyAV' in /my/web/path/upload/upload.php on line 53

How is problem  in  ext/standard/file.c ???

the chages:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.6&r2=1.279.2.70.2.7&pathrev=PHP_4_4



Reproduce code:
---------------
move_uploaded_file($file, $destination);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-05-09 13:24 UTC] 0602 at eq dot cz

Hi, the same here with 5.1.4. The problem in 5.1.4 sources is here: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.409.2.5&r2=1.409.2.6 - commited by iliaa. When 'upload_tmp_dir' is on a different filesystem then the destination file, the code in move_uploaded_file fails on rename and then tries php_copy_file, which after the iliaa's commit checks also the source path for open_basedir restriction. The obvious workaround for this bug is to reconfigure upload_tmp_dir to be on the same fs as the destination.

[2006-07-23 12:27 UTC] sniper@php.net

Sara, anything new about this?

[2006-08-04 07:36 UTC] youza at post dot cz

Other details:
if upload_tmp_dir is on a different filesystem then the
destination file, the function move_uploaded_file (for
PHP  4.4.2) - work fine and  the destination file  has permission  -rw-rw-r--  UID/GID apache/apache
( apache process started witch umask 0002  ).
But   upload_tmp_dir  is on a
the same filesystem then the destination file, permission
for new destination file is  -rw-------  UID/GID apache/apache !!!!
( tested PHP 4.4.2, PHP 5.1.4 ) The permissions is incorrect
users in apache group will not have access to this files.

Diferent permission depending to the  upload_tmp_dir and filesystem location not correct.

[2006-10-16 15:12 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2006-10-23 07:46 UTC] youza at post dot cz

I can find this fix in CVS for 4.4.4 ?

[2006-10-23 07:49 UTC] youza at post dot cz

Sorry,  I cannot  find this fix in CVS for 4.4.4 ?

[2006-11-06 09:22 UTC] youza at post dot cz

Hello,
please i cannot find the fix in 4.4.4 CVS, please help me.
Is this bug fixed in the 4.4.4(5) CVS ?
Sorry if  my question is irrelevant.

[2006-11-09 18:00 UTC] iliaa@php.net

The fix is in PHP 4, however it will only work if your upload 
dir is within open_basedir or open_basedir is disabled. On 
PHP5 this is a non-issue, however this part of a patch cannot 
be backported due to BC issues.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Mar 22 00:01:32 2025 UTC