php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51949 open_basedir and move_uploaded_file does not harmonize!
Submitted: 2010-05-30 19:28 UTC Modified: 2018-05-05 20:16 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: lars dot plessmann at gmx dot de Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 5.3.2 OS: Linux h1638833 2.6.18-028stab064
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lars dot plessmann at gmx dot de
New email:
PHP Version: OS:

 

 [2010-05-30 19:28 UTC] lars dot plessmann at gmx dot de
Description:
------------
I have several vhosts and I'd like to use the open_basedir setting for them.

My PHP config is something like that:

Directive | Local Value | Master Value
[...]
safe_mode | Off | Off
safe_mode_exec_dir | /usr/local/php/bin | /usr/local/php/bin
safe_mode_gid | Off | Off
safe_mode_include_dir | no value | no value
upload_tmp_dir | /tmp | /tmp
open_basedir | /srv/www/vhosts/domain.tld/httpdocs;/tmp | no value
[...]


When I upload files, they do get in /tmp directory and have the privilege:

-rw-r--r--  1 wwwrun www  647585 30. Mai 15:43 demo.jpg

The move_uploaded_file function with using absolute directories and correct paths (I proofed this) returns always false on my PHP 5.3.1 and PHP 5.3.2 compilation!
The target directory has full rwx privileges for all user/group/others and there is not a filesystem privilege problem!

The php log files are not very verbose, in fact, it tells me nothing about the failed movement (also tried with report_error = E_ALL).

If I use rename instead of move_uploaded_file, PHP seems to move the file.


Test script:
---------------
// assumes the upload is successfully done (I can see the file in 
// in the filesystem with the privileges: -rw-r--r--  1 wwwrun www).

[...]

if(move_uploaded_file("/tmp/silverstripe-cache-srv-www-vhosts-domain.tld-httpdocs-silverstripe-v2.4.0/demo.jpg", "/srv/www/vhosts/domain.tld/httpdocs/silverstripe-4.2.0/assets/Upload/demo.jpg")) {
   return true;
} else {
   return false;
}

[...]

Expected result:
----------------
I expect that the file can be moved with the move_uploaded_file from /tmp to the /srv/www/vhosts/domain.tld/httpdocs/silverstripe-4.2.0/assets/Upload by PHP (apache user wwwrun) which created the file in the directory /tmp as well (just a few seconds before). It should take care of the open_basedir setting.
The target directory and also the source directory is specified in the open_basedir setting.



Actual result:
--------------
If I overwrite the open_basedir setting for the virtual host to "none", the upload and move_uploaded_file works fine:

Directive | Local Value | Master Value
open_basedir | no value | no value

But it's not a pretty solution for me just to turn off this security feature!

When I google I only find thousends of other people having problems with open_basedir. :-(

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-10-17 15:28 UTC] jo at feuersee dot de
See http://open.silverstripe.org/ticket/5547

I'd say it's an application level bug (in this case silverstripe), not a PHP 
bug.
Both move_uploaded_file and is_uploaded_file expect the 1st param to be the 
unmodified temp filename inside upload_dir, but siverstripe copies the 
uploaded file and then uses these function, thus they always fail.

A patch is avail
 [2018-05-05 20:16 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2018-05-05 20:16 UTC] requinix@php.net
The link no longer works (and archive.org doesn't have it), but this
  https://github.com/silverstripe/silverstripe-cms/issues/340
suggests that there was, in fact, a SilverStripe bug responsible at least in part. I also vaguely remember there being some issue with move_uploaded_file and open_basedir in the past that was fixed...

If anyone knows that this bug (a) is with PHP and (b) still exists, say something.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Fri Dec 14 13:01:25 2018 UTC