[PHP-BUG] Bug #51611 [NEW]: move_uploaded_file fails with open_basedir

Mon, 19 Apr 2010 21:24:38 -0700 

From:             
Operating system: linux 2.6.18
PHP version:      5.2.13
Package:          Safe Mode/open_basedir
Bug Type:         Bug
Bug description:move_uploaded_file fails with open_basedir

Description:
------------
I have this vhost settings:



<Location />

  php_admin_value   open_basedir     
/home/data/site.org/tmp/:/home/web/site.org/

  php_admin_value   doc_root          /home/web/site.org/

  php_admin_value   upload_tmp_dir    /home/data/site.org/tmp/

</Location>



doing a move_uploaded_file to the upload_tmp_dir result in a failure:



PHP Warning:  move_uploaded_file(): open_basedir restriction in effect.
File(/home/data/site.org/tmp/FLOSG5_new.000) is not within the allowed
path(s): (/home/data/site.org/tmp/:/home/web/site.org/) in
/home/web/site.org/fileupload.php on line 11



In the same error string is visible that the upload_tmp_dir path is in the
open_basedir directive.



I'm on a debian VM with linux 2.6.18 kernel, the /home dir is mounted via
NFS and apache is chrooted with mod_chroot. 

Test script:
---------------
Any simple upload script with these lines of code:



[...]

    $from = $_FILES['uploadedfile']['tmp_name'];

    $flog = ini_get('upload_tmp_dir').$_FILES['uploadedfile']['name'];

    move_uploaded_file($from,$flog);

[...]




-- 
Edit bug report at http://bugs.php.net/bug.php?id=51611&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=51611&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=51611&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=51611&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=51611&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=51611&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=51611&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=51611&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=51611&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=51611&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=51611&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=51611&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=51611&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=51611&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=51611&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=51611&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=51611&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=51611&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=51611&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=51611&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=51611&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=51611&r=mysqlcfg

Reply via email to