ID:               21885
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
-Bug Type:         Filesystem function related
+Bug Type:         Documentation problem
 Operating System: Windows XP - IIS
 PHP Version:      4.3.0
 New Comment:

This was changed because of this bug:

  http://bugs.php.net/bug.php?id=16128&edit=1

And it will stay. Reclassified as documentation prob.



Previous Comments:
------------------------------------------------------------------------

[2003-01-27 17:11:21] [EMAIL PROTECTED]

yes - i have the same problem with php running as cgi in windows 2000
pro with IIS. it used to work just fine, but now with 4.3.0 i get the
same error. it seems like this is a bug, because the documentation
specifically says:

move_uploaded_file() is not affected by the normal safe-mode
UID-restrictions. This is not unsafe because move_uploaded_file() only
operates on files uploaded via PHP. 

even though open_basedir is not safe_mode i think the same logic should
apply!

meanwhile i'll just add the temp dir to open_basedir is a quickfix.

------------------------------------------------------------------------

[2003-01-27 15:35:20] [EMAIL PROTECTED]

Yeah this behavior has changed, it didn't do this in 4.2.3.  It seems
like it *used to* bypass the open_basedir check when using
move_uploaded_file on a file in upload_tmp_dir.  Or rather, it added
one's upload_tmp_dir to open_basedir automatically (bug 17488).

Could someone comment as to whether or not this is a permanent change,
and if so, perhaps document it somewhere on php.net?

(FreeBSD 4.6-STABLE Apache/1.3.27 PHP/4.3.0 apxs, safe_mode=Off)

------------------------------------------------------------------------

[2003-01-27 06:36:28] [EMAIL PROTECTED]

no that is my writing fault on this submission :)

------------------------------------------------------------------------

[2003-01-27 05:25:48] [EMAIL PROTECTED]

missing _ in open_basedir ?

------------------------------------------------------------------------

[2003-01-26 05:01:33] [EMAIL PROTECTED]

i've a script that worked well with 4.2.2, this scripts makes an
upload

my ini is set to:

open basedir=. 

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default
if not
; specified).
upload_tmp_dir ="c:\temp\php-uploads"

; Maximum allowed size for uploaded files.
upload_max_filesize = 6M


my script does simply:

move_uploaded_file($_FILES['new_file_file']['tmp_name'],
$this->path.$this->filename);
in my class...

it gives me:

Warning: move_uploaded_file() [function.move-uploaded-file.html]:
open_basedir restriction in effect.
File(c:\temp\php-uploads\phpD.tmp) is not within the allowed path(s):
(.)
in C:\neoportal\modules\mediaalbum\mediafile_class.php on line 95

it seems that a open_basedir check is made on the source file and not
only on the destination file. the file is correctly uploaded to
c:\temp\php-uploads\phpD.tmp but not moved to dest folder (that is a
subfolder of current dir so it's in the allowed path)

The same error is in PHPMYADMIN 2.3.3pl1 when i try to upload a file
.sql

Adding the c:\temp\ path to open basedir as ".;c:\temp\" doesn't help


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=21885&edit=1


-- 
PHP Documentation Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to