ID: 21885 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open -Bug Type: Filesystem function related +Bug Type: Documentation problem Operating System: Windows XP - IIS PHP Version: 4.3.0 New Comment:
This was changed because of this bug: http://bugs.php.net/bug.php?id=16128&edit=1 And it will stay. Reclassified as documentation prob. Previous Comments: ------------------------------------------------------------------------ [2003-01-27 17:11:21] [EMAIL PROTECTED] yes - i have the same problem with php running as cgi in windows 2000 pro with IIS. it used to work just fine, but now with 4.3.0 i get the same error. it seems like this is a bug, because the documentation specifically says: move_uploaded_file() is not affected by the normal safe-mode UID-restrictions. This is not unsafe because move_uploaded_file() only operates on files uploaded via PHP. even though open_basedir is not safe_mode i think the same logic should apply! meanwhile i'll just add the temp dir to open_basedir is a quickfix. ------------------------------------------------------------------------ [2003-01-27 15:35:20] [EMAIL PROTECTED] Yeah this behavior has changed, it didn't do this in 4.2.3. It seems like it *used to* bypass the open_basedir check when using move_uploaded_file on a file in upload_tmp_dir. Or rather, it added one's upload_tmp_dir to open_basedir automatically (bug 17488). Could someone comment as to whether or not this is a permanent change, and if so, perhaps document it somewhere on php.net? (FreeBSD 4.6-STABLE Apache/1.3.27 PHP/4.3.0 apxs, safe_mode=Off) ------------------------------------------------------------------------ [2003-01-27 06:36:28] [EMAIL PROTECTED] no that is my writing fault on this submission :) ------------------------------------------------------------------------ [2003-01-27 05:25:48] [EMAIL PROTECTED] missing _ in open_basedir ? ------------------------------------------------------------------------ [2003-01-26 05:01:33] [EMAIL PROTECTED] i've a script that worked well with 4.2.2, this scripts makes an upload my ini is set to: open basedir=. ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; ; Whether to allow HTTP file uploads. file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). upload_tmp_dir ="c:\temp\php-uploads" ; Maximum allowed size for uploaded files. upload_max_filesize = 6M my script does simply: move_uploaded_file($_FILES['new_file_file']['tmp_name'], $this->path.$this->filename); in my class... it gives me: Warning: move_uploaded_file() [function.move-uploaded-file.html]: open_basedir restriction in effect. File(c:\temp\php-uploads\phpD.tmp) is not within the allowed path(s): (.) in C:\neoportal\modules\mediaalbum\mediafile_class.php on line 95 it seems that a open_basedir check is made on the source file and not only on the destination file. the file is correctly uploaded to c:\temp\php-uploads\phpD.tmp but not moved to dest folder (that is a subfolder of current dir so it's in the allowed path) The same error is in PHPMYADMIN 2.3.3pl1 when i try to upload a file .sql Adding the c:\temp\ path to open basedir as ".;c:\temp\" doesn't help ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=21885&edit=1 -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php