ID: 41824 Comment by: gkieffer at evolutive dot org Reported By: mueller at intertrend dot de Status: No Feedback Bug Type: Safe Mode/open_basedir Operating System: SUSE LINUX 10.0 PHP Version: 4.4.7 New Comment:
Hi, I have the same behavior (that contradicts the documentation): source argument of move_uploaded_file() is checked against open_basedir. As requested by '[EMAIL PROTECTED]', I've tried the latest PHP4 snapshot (php4-STABLE-200710080830) and the open_basedir restriction is still enforced on the source parameter of move_uploaded_file. 4.4.8-dev (snapshot): KO 4.4.7 : KO 4.4.6 : KO 4.4.5 : KO 4.4.3 : KO 4.4.2 : OK 4.4.1 : (I assume, I haven't tested it) 4.4.0 : OK Here's some extra info about my environment: Linux Debian Sarge Apache 2.0.59 (compiled, not a Debian pkg) PHP 4.4.x compiled as a module for Apache 2.0.59 upload_tmp_dir = /var/run/php-file-uploads open_basedir = /wrk1/htdocssds/site.fqdn/ /var and /wrk1 are different (ext3) filesystems. destination dir of move_uploaded_file() is /wrk1/htdocssds/site.fqdn/backoffice/photo_gest/ If I add '/var/run/php-file-uploads/' to open_basedir everything works fine but this is not the expected behavior. Hope it helps ! Bye, G. Previous Comments: ------------------------------------------------------------------------ [2007-07-05 01:00:01] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2007-06-27 15:49:08] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2007-06-27 14:16:47] mueller at intertrend dot de Description: ------------ move_uploaded_file() does not work if open_basedir is set. settings in php.ini: file_uploads = On upload_tmp_dir = /tmp settings in httpd.conf: php_admin_value open_basedir /www/com/servername tmp-dir and destination-dir are on the same filesystem. Reproduce code: --------------- $uploaddir = '/www/com/servername'; $uploadfile = $uploaddir . basename($_FILES['userfile']['tmp_name']); echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "</pre>"; Expected result: ---------------- File is valid, and was successfully uploaded. Actual result: -------------- Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(/tmp/php5bwW9n) is not within the allowed path(s): (/www/com/servername) in /www/com/servername/test.php on line 9 Warning: move_uploaded_file(/tmp/php5bwW9n) [function.move-uploaded-file]: failed to open stream: Operation not permitted in /www/com/servername/test.php on line 9 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/php5bwW9n' to '/www/com/servername/php5bwW9n' in /www/com/servername/test.php on line 9 Possible file upload attack! Here is some more debugging info:Array ( [userfile] => Array ( [name] => Neu Textdokument (2).txt [type] => text/plain [tmp_name] => /tmp/php5bwW9n [error] => 0 [size] => 1500 ) ) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41824&edit=1
