php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37236 move_uploaded_file() does not work when "upload_tmp_dir" is other fs than dest
Submitted: 2006-04-28 11:31 UTC Modified: 2006-11-09 18:00 UTC
Votes:22
Avg. Score:4.9 ± 0.3
Reproduced:19 of 19 (100.0%)
Same Version:13 (68.4%)
Same OS:10 (52.6%)
From: youza at post dot cz Assigned: iliaa
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.1.4, 4.4.2 OS: fedora core 4
Private report: No CVE-ID:
 [2006-04-28 11:31 UTC] youza at post dot cz
Description:
------------
Function move_uploaded_file()  work fine in
php4-STABLE-200602010935.tar.gz

but not work in last php4-STABLE-200604281030.tar.gz
the code www page, directory structure and permission  and apache, configuration is the same.

Error message:

[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(): open_basedir restriction in effect. File(/tmp/php0FDyAV) is not within the allowed path(s): (/my/web/path) in /my/web/path/upload/upload.php on line 53
[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(/tmp/php0FDyAV): failed to open stream: Operation not permitted in /my/web/path/upload/upload.php on line 53
[28-Apr-2006 12:28:16] PHP Warning:  move_uploaded_file(): Unable to move '/tmp/php0FDyAV' to 'upload/php0FDyAV' in /my/web/path/upload/upload.php on line 53

How is problem  in  ext/standard/file.c ???

the chages:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.6&r2=1.279.2.70.2.7&pathrev=PHP_4_4



Reproduce code:
---------------
move_uploaded_file($file, $destination);


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-09 13:24 UTC] 0602 at eq dot cz
Hi, the same here with 5.1.4. The problem in 5.1.4 sources is here: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.409.2.5&r2=1.409.2.6 - commited by iliaa. When 'upload_tmp_dir' is on a different filesystem then the destination file, the code in move_uploaded_file fails on rename and then tries php_copy_file, which after the iliaa's commit checks also the source path for open_basedir restriction. The obvious workaround for this bug is to reconfigure upload_tmp_dir to be on the same fs as the destination.
 [2006-07-23 12:27 UTC] sniper@php.net
Sara, anything new about this?
 [2006-08-04 07:36 UTC] youza at post dot cz
Other details:
if upload_tmp_dir is on a different filesystem then the
destination file, the function move_uploaded_file (for
PHP  4.4.2) - work fine and  the destination file  has permission  -rw-rw-r--  UID/GID apache/apache
( apache process started witch umask 0002  ).
But   upload_tmp_dir  is on a
the same filesystem then the destination file, permission
for new destination file is  -rw-------  UID/GID apache/apache !!!!
( tested PHP 4.4.2, PHP 5.1.4 ) The permissions is incorrect
users in apache group will not have access to this files.

Diferent permission depending to the  upload_tmp_dir and filesystem location not correct.
 [2006-10-16 15:12 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2006-10-23 07:46 UTC] youza at post dot cz
I can find this fix in CVS for 4.4.4 ?
 [2006-10-23 07:49 UTC] youza at post dot cz
Sorry,  I cannot  find this fix in CVS for 4.4.4 ?
 [2006-11-06 09:22 UTC] youza at post dot cz
Hello,
please i cannot find the fix in 4.4.4 CVS, please help me.
Is this bug fixed in the 4.4.4(5) CVS ?
Sorry if  my question is irrelevant.
 [2006-11-09 18:00 UTC] iliaa@php.net
The fix is in PHP 4, however it will only work if your upload 
dir is within open_basedir or open_basedir is disabled. On 
PHP5 this is a non-issue, however this part of a patch cannot 
be backported due to BC issues.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 14:01:50 2014 UTC