PHP :: Bug #44562 :: upload_tmp_dir permissions failure

Bug #44562

upload_tmp_dir permissions failure

Submitted:

2008-03-28 22:14 UTC

Modified:

2008-10-25 13:24 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

nlgordon at gmail dot com

Assigned:

Status:

Not a bug

Package:

Safe Mode/open_basedir

PHP Version:

5.2.5

OS:

RHEL 4

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	nlgordon at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2008-03-28 22:14 UTC] nlgordon at gmail dot com

Description:
------------
Given the following scenario:

open_basedir enabled to /var/www/foo
upload_tmp_dir set to /var/www/foo/tmpdir
No free file space to handle the upload in the temp dir specified.

Causes PHP to throw an error that doesn't make a lot of sense to my end users:

Warning: Unknown: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/foo/tmpdir) in Unknown on line 0

This makes things look like a permissions issue.  I have tracked down the source of the error to main/php_open_temporary_file.c:254  There is a comment there that if the first attempt fails, it will use the system temp dir.  While that might be fine on systems without open_basedir enabled, it can cause some confusing error messages otherwise.  The error message of "File upload error - unable to create a temporary file" is perfect for this error, and it does show up.  It just isn't the first or most noticeable error.

I notice that in the php_get_temporary_directory function (which is what determines /tmp as the temp dir) that there are options for changing this default.  I plan on setting TMPDIR per vhost as a work around, but this seems unnecessary as I already set upload_tmp_dir.

I'm not sure what the perfect answer to this is, but I'm not sure I agree with magically changing something I specifically set without telling me.  Some of the extremists might even label this a security issue.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-10-25 13:24 UTC] jani@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 03:01:29 2024 UTC