|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #6875 upload_tmp_dir in php.ini doesn't work in safe_mode
Submitted: 2000-09-24 23:14 UTC Modified: 2001-06-12 04:01 UTC
From: sintes at nfrance dot com Assigned:
Status: Duplicate Package: Feature/Change Request
PHP Version: 4.0.2 OS: Linux 2.2.17 / Open BSD 2.8
Private report: No CVE-ID: None
 [2000-09-24 23:14 UTC] sintes at nfrance dot com
Tested with:
  - php 4.0.2 on Linux 2.2.17
  - php 4.0.3RC1 on Linux 2.2.17
  - php 4.0.3RC1 on OpenBSD 2.7
  - php 4.0.3RC1 on OpenBSD 2.8 Snap

Work's fine with Php4.0.1pl2 on all operating system tested.

'./configure' '--with-pgsql=/usr/local' '--with-mysql=/usr/local' '--with-imagic'
 '--with-imap' '--enable-track-vars' '--enable-safe-mode' '--enable-memory-limit'
 '--enable-magic-quotes' '--enable-roxen-zts' '--with-gd=/usr/' '--with-t1lib'
  '--with-cpdflib' '--enable-ftp' '--enable-calendar' '--with-gdbm'
 '--enable-zlib=/usr/' '--with-gettext' '--with-mcrypt=/usr/local' '--with-xml'
 '--with-dom' '--with-swf' '--with-apache=/usr/local/src/apache_1.3.12'

Tried also with just the --enable-safe-mode option.

php.ini with all defaults except following:
  safe_mode               =       On
  safe_mode_exec_dir      =       "/safe-bin"
  safe_mode_allowed_env_vars = PHP_,HTTP_POST 
  upload_tmp_dir  = ./tmp-php/

The simple script:

<form enctype="multipart/form-data" method="post" action="upload.php">
<input type="file" name="fichier">
<input type="submit">

and upload.php
copy ("$fichier","upload/$fichier_name"); 

tmp-php and upload are in 777. Owner is the same that the file

The script return the following

Warning SAFE MODE Restriction in effect. The script whose uid is 504 is not allowed to access /tmp/phpYmZddQ owned by uid 0 in
/home/dh/html/upload.php3 on line 8wing:

* Note that php try to access to /tmp/php* not to ./tmp-php/php*

phpinfo returns:

in configuration section:

upload_tmp_dir    ./tmp-php/   ./tmp-php/

But in PHP Variable section:

PHP Variables

                                                        [name] => toto
                                                        [type] => 
                                                        [tmp_name] => /tmp/phpYmZddQ
                                                        [size] => 469

It seems the problem occurs since the 
$HTTP_POST_FILES[filename][tmp_name] has been added.

* No problem with php4.0.1pl2.




Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-21 03:54 UTC]
Duplicate of #5575 (on one part of it).
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC