From: nlgordon at gmail dot com Operating system: RHEL 4 PHP version: 5.2.5 PHP Bug Type: Safe Mode/open_basedir Bug description: upload_tmp_dir permissions failure
Description: ------------ Given the following scenario: open_basedir enabled to /var/www/foo upload_tmp_dir set to /var/www/foo/tmpdir No free file space to handle the upload in the temp dir specified. Causes PHP to throw an error that doesn't make a lot of sense to my end users: Warning: Unknown: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/foo/tmpdir) in Unknown on line 0 This makes things look like a permissions issue. I have tracked down the source of the error to main/php_open_temporary_file.c:254 There is a comment there that if the first attempt fails, it will use the system temp dir. While that might be fine on systems without open_basedir enabled, it can cause some confusing error messages otherwise. The error message of "File upload error - unable to create a temporary file" is perfect for this error, and it does show up. It just isn't the first or most noticeable error. I notice that in the php_get_temporary_directory function (which is what determines /tmp as the temp dir) that there are options for changing this default. I plan on setting TMPDIR per vhost as a work around, but this seems unnecessary as I already set upload_tmp_dir. I'm not sure what the perfect answer to this is, but I'm not sure I agree with magically changing something I specifically set without telling me. Some of the extremists might even label this a security issue. -- Edit bug report at http://bugs.php.net/?id=44562&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44562&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44562&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44562&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44562&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44562&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44562&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44562&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44562&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44562&r=support Expected behavior: http://bugs.php.net/fix.php?id=44562&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44562&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44562&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44562&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44562&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44562&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44562&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44562&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44562&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44562&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44562&r=mysqlcfg