Bug #16128 Updated: move_uploaded_file breaks safe_mode and open_basedir restrictions

Mon, 18 Mar 2002 16:03:04 -0800 

 ID:               16128
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Closed
 Bug Type:         *General Issues
 Operating System: Linux 2.4.13
 PHP Version:      4.1.2
 New Comment:

there was a typo in main/safe_mode.c, that was fixed some days ago.
This typo is responsible for checkuid failing. You must apply this fix,
too.


Previous Comments:
------------------------------------------------------------------------

[2002-03-18 17:24:08] [EMAIL PROTECTED]

I applied the patch from CVS (The CVS itself fucked up almost all my
hosted sites), so I added :

if (php_check_open_basedir(Z_STRVAL_PP(new_path) TSRMLS_CC)) {
RETURN_FALSE; } 

on row 2473 in ./ext/standard/basic_functions.c

I have disabled the open_basedir restriction for root.net-force.nl and
I was able to upload to any directory that apache has write access
too.

However, this could also be by design. Because without open_basedir PHP
is not limited to a certain directory. And therefore PHP should indeed
be able to write to any directory where PHP has write access. 

Or perhaps this is not wat wouter means :) If thats the case, sorry to
bug you ;)

------------------------------------------------------------------------

[2002-03-18 14:20:46] [EMAIL PROTECTED]

I advise you to test the CVS version before claiming this.


------------------------------------------------------------------------

[2002-03-18 14:18:10] [EMAIL PROTECTED]

In CVS it's fixed _if_ you use open_basedir. But if you don't, the
php_checkuid fails to do it's work...

------------------------------------------------------------------------

[2002-03-17 16:03:34] [EMAIL PROTECTED]

This bug has been fixed in CVS.



------------------------------------------------------------------------

[2002-03-17 15:21:37] [EMAIL PROTECTED]

The script in this example is a bit crippled due to wordwrapping. Here
is the original script:

http://root.net-force.nl/prog.txt

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/16128

-- 
Edit this bug report at http://bugs.php.net/?id=16128&edit=1

Reply via email to