php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #6875 upload_tmp_dir in php.ini doesn't work in safe_mode
Submitted: 2000-09-24 23:14 UTC Modified: 2001-06-12 04:01 UTC
From: sintes at nfrance dot com Assigned:
Status: Duplicate Package: Feature/Change Request
PHP Version: 4.0.2 OS: Linux 2.2.17 / Open BSD 2.8
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sintes at nfrance dot com
New email:
PHP Version: OS:

 

 [2000-09-24 23:14 UTC] sintes at nfrance dot com
Tested with:
--------------
  - php 4.0.2 on Linux 2.2.17
  - php 4.0.3RC1 on Linux 2.2.17
  - php 4.0.3RC1 on OpenBSD 2.7
  - php 4.0.3RC1 on OpenBSD 2.8 Snap

Work's fine with Php4.0.1pl2 on all operating system tested.

'./configure' '--with-pgsql=/usr/local' '--with-mysql=/usr/local' '--with-imagic'
 '--with-imap' '--enable-track-vars' '--enable-safe-mode' '--enable-memory-limit'
 '--enable-magic-quotes' '--enable-roxen-zts' '--with-gd=/usr/' '--with-t1lib'
  '--with-cpdflib' '--enable-ftp' '--enable-calendar' '--with-gdbm'
 '--enable-zlib=/usr/' '--with-gettext' '--with-mcrypt=/usr/local' '--with-xml'
 '--with-dom' '--with-swf' '--with-apache=/usr/local/src/apache_1.3.12'

Tried also with just the --enable-safe-mode option.
-----------------------------------------------------------

php.ini with all defaults except following:
  safe_mode               =       On
  safe_mode_exec_dir      =       "/safe-bin"
  safe_mode_allowed_env_vars = PHP_,HTTP_POST 
  upload_tmp_dir  = ./tmp-php/

The simple script:
---------------------

<form enctype="multipart/form-data" method="post" action="upload.php">
<input type="file" name="fichier">
<input type="submit">
</form> 

and upload.php
copy ("$fichier","upload/$fichier_name"); 

tmp-php and upload are in 777. Owner is the same that the file
upload.php3.

The script return the following
-----------------------------------

Warning SAFE MODE Restriction in effect. The script whose uid is 504 is not allowed to access /tmp/phpYmZddQ owned by uid 0 in
/home/dh/html/upload.php3 on line 8wing:

* Note that php try to access to /tmp/php* not to ./tmp-php/php*


phpinfo returns:
------------------

in configuration section:
----------------------------

upload_tmp_dir    ./tmp-php/   ./tmp-php/


But in PHP Variable section:
---------------------------------

PHP Variables

    Variable
                                                                            Value
    PHP_SELF
                                                    /upload.php3
    HTTP_POST_FILES["fichier"]
                                                    Array
                                                    (
                                                        [name] => toto
                                                        [type] => 
                                                        [tmp_name] => /tmp/phpYmZddQ
                                                        [size] => 469
                                                    )


It seems the problem occurs since the 
$HTTP_POST_FILES[filename][tmp_name] has been added.

* No problem with php4.0.1pl2.




 



  

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-21 03:54 UTC] sniper@php.net
Duplicate of #5575 (on one part of it).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 16:01:29 2024 UTC