|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #6875 upload_tmp_dir in php.ini doesn't work in safe_mode
Submitted: 2000-09-24 23:14 UTC Modified: 2001-06-12 04:01 UTC
From: sintes at nfrance dot com Assigned:
Status: Duplicate Package: Feature/Change Request
PHP Version: 4.0.2 OS: Linux 2.2.17 / Open BSD 2.8
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: sintes at nfrance dot com
New email:
PHP Version: OS:


 [2000-09-24 23:14 UTC] sintes at nfrance dot com
Tested with:
  - php 4.0.2 on Linux 2.2.17
  - php 4.0.3RC1 on Linux 2.2.17
  - php 4.0.3RC1 on OpenBSD 2.7
  - php 4.0.3RC1 on OpenBSD 2.8 Snap

Work's fine with Php4.0.1pl2 on all operating system tested.

'./configure' '--with-pgsql=/usr/local' '--with-mysql=/usr/local' '--with-imagic'
 '--with-imap' '--enable-track-vars' '--enable-safe-mode' '--enable-memory-limit'
 '--enable-magic-quotes' '--enable-roxen-zts' '--with-gd=/usr/' '--with-t1lib'
  '--with-cpdflib' '--enable-ftp' '--enable-calendar' '--with-gdbm'
 '--enable-zlib=/usr/' '--with-gettext' '--with-mcrypt=/usr/local' '--with-xml'
 '--with-dom' '--with-swf' '--with-apache=/usr/local/src/apache_1.3.12'

Tried also with just the --enable-safe-mode option.

php.ini with all defaults except following:
  safe_mode               =       On
  safe_mode_exec_dir      =       "/safe-bin"
  safe_mode_allowed_env_vars = PHP_,HTTP_POST 
  upload_tmp_dir  = ./tmp-php/

The simple script:

<form enctype="multipart/form-data" method="post" action="upload.php">
<input type="file" name="fichier">
<input type="submit">

and upload.php
copy ("$fichier","upload/$fichier_name"); 

tmp-php and upload are in 777. Owner is the same that the file

The script return the following

Warning SAFE MODE Restriction in effect. The script whose uid is 504 is not allowed to access /tmp/phpYmZddQ owned by uid 0 in
/home/dh/html/upload.php3 on line 8wing:

* Note that php try to access to /tmp/php* not to ./tmp-php/php*

phpinfo returns:

in configuration section:

upload_tmp_dir    ./tmp-php/   ./tmp-php/

But in PHP Variable section:

PHP Variables

                                                        [name] => toto
                                                        [type] => 
                                                        [tmp_name] => /tmp/phpYmZddQ
                                                        [size] => 469

It seems the problem occurs since the 
$HTTP_POST_FILES[filename][tmp_name] has been added.

* No problem with php4.0.1pl2.




Pull Requests


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-21 03:54 UTC]
Duplicate of #5575 (on one part of it).
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sat Feb 15 01:01:29 2025 UTC