PHP :: Bug #42825 :: upload_tmp_dir wrong with authentication on

Bug #42825	upload_tmp_dir wrong with authentication on
Submitted:	2007-10-02 09:46 UTC	Modified:	2007-10-10 01:00 UTC
From:	christopher dot graham at digforfire dot co dot uk	Assigned:
Status:	No Feedback	Package:	CGI/CLI related
PHP Version:	5.2.4	OS:	Windows Server 2003
Private report:	No	CVE-ID:	None

View Developer Edit

[2007-10-02 09:46 UTC] christopher dot graham at digforfire dot co dot uk

Description:
------------
If we turn off 'Anonymous Access' for a domain on IIS (so we have to log in via HTTP-auth), we find that file uploads are saved under a path other than what upload_tmp_dir specifies.
This is likely somehow related to how the CGI process will be executed under a different username to usual.
phpinfo returns the correct upload_tmp_dir even though the tmp files are not actually put there; I tested this on the same page request as seeing the tmp path as being incorrect.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-10-02 11:17 UTC] jani@php.net

You give very little info how you've setup PHP but I'm guessing it's under IIS as CGI (or FastCGI?) ? If it's CGI/FastCGI, plase change the category accordingly. The "IIS Related" is for the ISAPI SAPI.

[2007-10-02 11:57 UTC] christopher dot graham at digforfire dot co dot uk

It's a standard CGI install of the latest PHP maintenance release, on IIS (Windows Server 2003).
The authentication involved on this domain is standard IIS installation that happens when 'Anonymous Access' is turned off (i.e. you log in, via HTTPauth, using the credentials of a valid system user - PHP then runs as that user).

[2007-10-02 12:23 UTC] tony2001@php.net

>This is likely somehow related to how the CGI process will be
>executed under a different username to usual.

So it's just a permissions issue, isn't it?

>phpinfo returns the correct upload_tmp_dir even though the tmp files 
>are not actually put there; I tested this on the same page request as 
>seeing the tmp path as being incorrect.

Well, if it can't put the files there because of wrong permissions, what would you expect it to do?

[2007-10-02 12:38 UTC] christopher dot graham at digforfire dot co dot uk

I've just tested and I was able to write into this directory from the same HTTPauth user that I've been having the problem with.

I think your question was rhetorical, but even so, I would think something like a PHP_NOTICE would help. If not this at least some kind of feedback from PHP would be helpful IMHO, to be able to trace the problem rather than guess at potential causes.
I'm just trying to be helpful here and get the information to help the problem be fixed in case others stumble upon it.

[2007-10-02 14:28 UTC] jani@php.net

I think it actually does already have such notice if tmpdir is not writable. Make sure you have error_reporting/display_errors setup so that you can see all errors.

[2007-10-10 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 12:01:30 2024 UTC