ID: 38934
User updated by: phpbugs at thequod dot de
Reported By: phpbugs at thequod dot de
-Status: Feedback
+Status: Open
Bug Type: Safe Mode/open_basedir
Operating System: Ubuntu Linux
PHP Version: 5.1.6
New Comment:
Just tried it with PHP_5_2 (CVS), resulting in:
Warning: Unknown: open_basedir restriction in effect.
File(/tmp) is not within the allowed path(s): (/var/www)
in Unknown on line 0
Warning: File upload error - unable to create a temporary
file in Unknown on line 0
I've configured PHP just
with "--with-apxs2=/usr/bin/apxs2" and use this simple
php.ini file:
open_basedir = "/var"
display_errors=on
display_startup_errors=On
error_reporting=E_ALL
Previous Comments:
------------------------------------------------------------------------
[2006-09-29 18:29:26] moron at industrial dot org
Sorry for the flurry. In our case it turned out that the error message
was just misleading. A simple permissions issue on the target directory
was the cause (arrgh) but the error message explicitly stated that the
problem was the open_basedir setting of the upload_tmp directory. So
more of an annoyance than a show stopper in our case.
------------------------------------------------------------------------
[2006-09-29 18:13:11] moron at industrial dot org
Sorry, forgot to note that in our case, "upload_tmp_dir" is explicitly
set.
------------------------------------------------------------------------
[2006-09-29 18:12:05] moron at industrial dot org
Exact same behaviour with 4.4.4 under FreeBSD 6.1.
Frustrating as this bug has appeared before.
------------------------------------------------------------------------
[2006-09-25 12:54:21] [EMAIL PROTECTED]
Cannot reproduce with both 5.1.6 and latest CVS.
With upload_tmp_dir not set (aka "/tmp") and open_basedir="/www", I get
this: File is valid, and was successfully uploaded.
------------------------------------------------------------------------
[2006-09-25 11:19:58] Bjorn dot Wiberg at its dot uu dot se
Same result on IBM AIX 5.2 ML8, although I'm using PHP 5.1.5 (no big
difference) and have "php_admin_value upload_tmp_dir none" set (so it
defaults to /tmp).
---8<---
Warning: move_uploaded_file(): open_basedir restriction in effect.
File(/tmp/phpP5moMa) is not within the allowed path(s):
(.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in
/apache/htdocs/bwiberg/test/safemode/upload.php on line 9
--->8---
As you can see, /tmp is not within open_basedir, but I think it should
not need to be...
---8<---
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used
instead
// of $_FILES.
$uploaddir = '/apache/htdocs/bwiberg/test/safemode/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
--->8---
Best regards,
Björn
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/38934
--
Edit this bug report at http://bugs.php.net/?id=38934&edit=1
