On Mon, June 25, 2007 7:13 pm, Marius Toma wrote:
I can not create .php files from PHP. I can save them as *.php5,
*.php3,
asp, *.txt , etc... but not as .php. I tried both touch and fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache 2, safe_mode is off
Is this a security
On Wednesday 27 June 2007 06:32, Edward Vermillion wrote:
Most /tmp directories are world rwx. So anyone that can log into the
server through a shell, or any account running on the server, has at
least read access to anything in the /tmp directory. They wouldn't
need to do it through a web
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can not create the
file :(
Thank for your time,
On 6/26/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can not
On 6/26/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can not
On 6/26/07, Daniel Brown [EMAIL PROTECTED] wrote:
On 6/26/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so
On 6/26/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can not
You might also consider looking at variable variables and dynamic PHP
(writing and evaluating php expressions on the fly).
http://us.php.net/variables.variable
http://us.php.net/eval
Writing the PHP to a file could be a potential security vulnerability.
Especially if this was going to go
Would it not be better to create the file with tmpfile() and to put it in the
system /tmp dir; which, I believe, is generally not in the webspace?
Daniel Brown wrote:
On 6/26/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not believe how stupid I can be sometime.
I was trying to create a
On 6/26/07, Al [EMAIL PROTECTED] wrote:
Would it not be better to create the file with tmpfile() and to put it in the
system /tmp dir; which, I believe, is generally not in the webspace?
The problem here, though, Al, is that it relies on the server
admin not to be lazy, and to have the box
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I thought that the php engine took care of deleting tmp files when the
script ended.
Thus, if his script is terminated before his code deletes the file, the
engine will insure it's deleted. Otherwise, he should use an
ignore_user_abort().
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this becomes possible, as Apache
will most likely be running universally as `nobody`, `httpd`,
`apache`, or `daemon`
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this becomes possible, as Apache
will most likely be
On 6/26/07, Crayon Shin Chan [EMAIL PROTECTED] wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box,
On Jun 26, 2007, at 3:31 PM, Crayon Shin Chan wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this
... if you really couldn't write it as dynamic PHP -- you could also
save it in a database.
Edward Vermillion wrote:
On Jun 26, 2007, at 3:31 PM, Crayon Shin Chan wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider [EMAIL PROTECTED] wrote:
I think most
On 6/25/07, Marius Toma [EMAIL PROTECTED] wrote:
I can not create .php files from PHP. I can save them as *.php5, *.php3,
asp, *.txt , etc... but not as .php. I tried both touch and fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache 2, safe_mode is off
Is this a security measure
On Jun 25, 2007, at 5:13 PM, Marius Toma wrote:
I can not create .php files from PHP. I can save them as *.php5,
*.php3, asp, *.txt , etc... but not as .php. I tried both touch and
fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache 2, safe_mode is off
Is this a security measure
On Jun 25, 2007, at 9:08 PM, jekillen wrote:
On Jun 25, 2007, at 5:13 PM, Marius Toma wrote:
I can not create .php files from PHP. I can save them as *.php5,
*.php3, asp, *.txt , etc... but not as .php. I tried both touch and
fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache
19 matches
Mail list logo
