ID: 39123
User updated by: phpbugs at thequod dot de
Reported By: phpbugs at thequod dot de
Status: Bogus
Bug Type: Safe Mode/open_basedir
Operating System: Ubuntu Linux
PHP Version: 5CVS-2006-10-11 (CVS)
New Comment:
JFI: it seems to be the same with session.save_path.
Setting it explicitly to "/tmp/" helps here, too.
Previous Comments:
------------------------------------------------------------------------
[2006-10-13 19:27:27] phpbugs at thequod dot de
And why is it so that:
upload_tmp_dir=/tmp
open_basedir=/tmp/
works, but
open_basedir=/tmp/
does not?! (because of the trailing slash in the last
example)
Additionally, I don't believe that upload_tmp_dir is set
on most installs.
------------------------------------------------------------------------
[2006-10-13 13:29:05] [EMAIL PROTECTED]
The error is that the "default" path is validated against
open_basedir to address earlier tempnam() vulnerability
allowing open_basedir bypass.
The solution is either to: set upload_tmp_dir (which is the
case on most installs) or to make sure that the default tmp
dir is inside the open_basedir.
------------------------------------------------------------------------
[2006-10-13 13:29:04] [EMAIL PROTECTED]
The error is that the "default" path is validated against
open_basedir to address earlier tempnam() vulnerability
allowing open_basedir bypass.
The solution is either to: set upload_tmp_dir (which is the
case on most installs) or to make sure that the default tmp
dir is inside the open_basedir.
------------------------------------------------------------------------
[2006-10-13 11:27:26] phpbugs at thequod dot de
Yes, setting upload_tmp_dir explicitly does not cause the
problem (anymore).
But still, because the default of upload_tmp_dir is empty,
it should not bail out when detecting the upload_tmp_dir
setting.
Manually setting upload_tmp_dir to "/tmp" (without
trailing slash) allows uploading, but leaving it unset,
errors out with:
"""
PHP Warning: Unknown: open_basedir restriction in effect.
File(/tmp) is not within the allowed path(s): (/X/:/tmp/)
in Unknown on line 0
PHP Warning: File upload error - unable to create a
temporary file in Unknown on line 0
"""
To me it looks like the error gets triggered while
determining the default upload_tmp_dir setting.
I consider setting "upload_tmp_dir" explicitly as a
work-around currently, but it should not be necessary for
upgrading to 5.2 IMHO.
------------------------------------------------------------------------
[2006-10-13 02:21:22] [EMAIL PROTECTED]
Make sure your upload_tmp_dir is set and then it'll work.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39123
--
Edit this bug report at http://bugs.php.net/?id=39123&edit=1
