|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2011-08-30 11:11 UTC] campolungo at libero dot it
[2017-05-03 15:10 UTC] andreshm1 at gmail dot com
[2021-08-26 15:40 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
[2021-08-26 15:40 UTC] cmb@php.net
[2021-09-05 04:22 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri May 09 05:01:27 2025 UTC |
Description: ------------ Hi, I have a problem with the ini_set upload_tmp_dir. In my scenario it is ignored and it's used the default value ("C:\Windows\Temp"). My configuration is the following: OS: Windows Server 2008 R2 (with IIS 7.5) php: 5.3.3 (also tried with 5.3.6). Both with fastCgi enabled (with impersonating correctly enabled). Main entries of the related php.ini include_path = ".;C:\inetpub\wwwroot\MYSITE\" upload_tmp_dir = "C:\inetpub\wwwroot\SESSION" session.save_path = "C:\inetpub\wwwroot\SESSION" doc_root = "C:\inetpub\wwwroot\MYSITE\" open_basedir = "C:\inetpub\wwwroot\MYSITE\" Permissions of the related IUSR user on the preceding folder: Full control on "C:\inetpub\wwwroot\SESSION" Read & Execute, List folder contents, Read on all the directory (including all the content) "C:\inetpub\wwwroot\MYSITE" Full control on "C:\inetpub\wwwroot\MYSITE\upload" With the preceding configuration a warning occurs when I try to upload a file. The warning is related to the operations performed before moving the file from the temporary directory to the final directory. PHP Warning: Unknown: open_basedir restriction in effect. File(C:\Windows\TEMP\) is not within the allowed path(s): (C:\inetpub\wwwroot\MYSITE\) in Unknown on line 0 PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0 Because the preceding warning, I concluded that the upload_tmp_dir entry was not correctly received by the php engine. The php documentation (http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir) says that "If the directory specified here is not writable, PHP falls back to the system default temporary directory." But in my case the directory was writable. Debugging the request with Process Monitor (a Russinovich software), I've found that the php-cgi.exe doesn't perform any operation with the IUSR user and the following path "C:\inetpub\wwwroot\SESSION". Only the path "C:\inetpub\wwwroot" (the parent) was checked, with ACCESS DENIED (rightly,because the IUSR user doesn't own any permission on that directory). So I tried to create a new folder within the "C:\inetpub\wwwroot\SESSION" directory with name A (path "C:\inetpub\wwwroot\SESSION\A"), in a manner that the parent of the A directory were accessible from the IUSR user. And I've changed the ini upload_tmp_dir with the value "C:\inetpub\wwwroot\SESSION\A" With this configuration it works without any warning and the file has been correctly sent: Main entries of the related php.ini: include_path = ".;C:\inetpub\wwwroot\MYSITE\" upload_tmp_dir = "C:\inetpub\wwwroot\SESSION\A" session.save_path = "C:\inetpub\wwwroot\SESSION" doc_root = "C:\inetpub\wwwroot\MYSITE\" open_basedir = "C:\inetpub\wwwroot\MYSITE\" Permissions of the related IUSR user on the preceding folder: Full control on "C:\inetpub\wwwroot\SESSION" Read & Execute, List folder contents, Read on all the directory (including all the content) "C:\inetpub\wwwroot\MYSITE" Full control on "C:\inetpub\wwwroot\MYSITE\upload" Then I've experienced that the necessary condition of a working upload_tmp_dir is that two requirements are satisfied: - the user IUSR owns the writable rights on the upload_tmp_dir directory - the user IUSR owns the List folders content right on the parent of the upload_tmp_dir directory I think that it isn't the desirable behaviour. Anyone of us can confirm that? Thanks.