[SOLVED] is_uploaded_file and relative paths
Posted: Tue Nov 10, 2009 8:09 pm
Hi,
I have a problem related to PHP security measures and relative paths (should I post it in the security section maybe?)
I am uploading files to www.mywebsite.com/tmp_upload/
which is actually /1175/public_html/tmp_upload/
This is a Linux server running PHP. Unfortunately it's not really easy to customize and I am not in a position to change to a better company.
To allow file uploads into /1175/public_html/tmp_upload/, I need to create a php.ini file in /1175/public_html/cgi_bin
Here it is:
Code:
    ; Whether to allow HTTP file uploads.
    file_uploads = 1
    ; Temporary directory for HTTP uploaded files (will use system default if not
    ; specified).
    upload_tmp_dir = "../tmp_upload"
    ; Maximum allowed size for uploaded files.
    upload_max_filesize = 2M
The files are being sent in correctly, I have a couple of files called like phpWgrkaK which I've sent testing my program. Also, a proof, print_r($_FILES);:
Code:
    Array
    (
        [uploadedfile] => Array
            (
                [name] => index.txt
                [type] => text/plain
                [tmp_name] => ../tmp_upload/php6VddXd
                [error] => 0
                [size] => 121
            )
    )
The bad news: I'm in http://www.mywebsite.com/admin_global.php and the returned path to the file is pretty much impossible to reach.
I want to move the files to /1175/public_html/uploads. All my .php files are located in the website root, /1175/public_html/
Here are two pieces of code I have prepared for two scenarios. Firstly, do as all tutorials say:
Code:
    $target_path = "uploads/" . basename($_FILES['uploadedfile']['name']);
    move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
move_uploaded_file returns false without any warnings:
    Warning: move_uploaded_file(../tmp_upload/php6VddXd) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/1/8/9/1175/1175/public_html/admin_global.php on line 157
    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '../tmp_upload/php6VddXd' to 'uploads/index.txt' in /home/1/8/9/1175/1175/public_html/admin_global.php on line 157
So I think, "hey that's easy, I'll just remove the trailing ../"
Code:
    $target_path = "uploads/" . basename($_FILES['uploadedfile']['name']);
    move_uploaded_file(substr($_FILES['uploadedfile']['tmp_name'], 3), $target_path);
now move_uploaded_file returns false without any warnings. I have read that it means that the security measurements failed. And actually:
For the first scenario, with unreachable path:
Code:
    is_uploaded_file($_FILES['uploadedfile']['tmp_name'])
it returns true! Yes, http://www.mywebsite.com/../tmp_uploads/index.txt exists....
For the second scenario where I removed the ../ so that I can actually reach the file,
Code:
    is_uploaded_file(substr($_FILES['uploadedfile']['tmp_name'], 3))
returns false and PHP forbids me from moving. It's a good idea from PHP developer since I could move some vital files somewhere else. However, is there any way I can walk around it? Or maybe there is some directive for the php.ini that would fix the relative paths? I guess there must be some trivial answer to this
I tried writing in .ini "upload_tmp_dir = "/tmp"" and I've created tmp files with proper permissions everywhere I could, which is /1175/public_html/tmp and /1175/tmp but files could not be saved there (due to UPLOAD_ERR_NO_TMP_DIR)
I would appreciate your help, thank you
Amadeo
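An added example, not part of the original post or of any reply in the thread: an upload handler that hands tmp_name to is_uploaded_file() and move_uploaded_file() unmodified, reports a relative tmp_name (the symptom of a relative upload_tmp_dir) as a configuration error, and writes to an absolute destination. The function name store_upload, the extension allow-list, the single-file form field and PHP 7+ syntax are assumptions; the field name uploadedfile and the uploads directory come from the post.

```php
<?php
// Added example, not the poster's code. store_upload() and $allowed are illustrative.
function store_upload(array $file, string $destDir, array $allowed = ['txt', 'png', 'jpg', 'pdf']): string
{
    // 1. PHP reports failures such as UPLOAD_ERR_NO_TMP_DIR in the error field.
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed, error code $error");
    }
    // 2. Pass tmp_name exactly as PHP reported it: is_uploaded_file() looks the
    //    string up among the files PHP stored for this request, so an edited
    //    path (for example with "../" cut off) is never accepted.
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not a file uploaded in this request');
    }
    // 3. A relative tmp_name means upload_tmp_dir is relative and may resolve
    //    against a different working directory than this script's (POSIX paths).
    if ($tmp[0] !== '/') {
        throw new RuntimeException('upload_tmp_dir should be an absolute path');
    }
    // 4. Resolve the destination to an absolute, existing, writable directory.
    $dir = realpath($destDir);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException('Destination directory is not usable');
    }
    // 5. The client-supplied name is untrusted: keep a conservative character
    //    set, allow only listed extensions, and prefix a random token.
    $name = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file['name'])), '.');
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, $allowed, true)) {
        throw new RuntimeException('File type not allowed');
    }
    $target = $dir . '/' . bin2hex(random_bytes(8)) . '_' . $name;
    // 6. move_uploaded_file() repeats the is_uploaded_file() check before moving.
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}

if (isset($_FILES['uploadedfile'])) {
    try {
        echo 'Stored as ', basename(store_upload($_FILES['uploadedfile'], __DIR__ . '/uploads'));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ', htmlspecialchars($e->getMessage());
    }
}
```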