possible security problem

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
edis
Forum Newbie
Posts: 2
Joined: Wed Feb 25, 2009 6:34 pm

possible security problem

Post by edis »

hi everyone,

File upload on my wamp for windows simply not working, the code looks like this:

<form enctype="multipart/form-data" action="uploads/uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>

it is very simple and I just want my server to accept the file and to be sure in it.
As I cannot find other problem that would possibly cause following problem:

Warning: move_uploaded_file(uploads/file.txt) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\wamp\www\try_upload\uploads\uploader.php on line 7

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\wamp\tmp\php23B3.tmp' to 'uploads/file.txt' in C:\wamp\www\try_upload\uploads\uploader.php on line 7
There was an error uploading the file, please try again!

I have no other option than to think that the problem is somewhere in configuration and security constrains.
Can anyone help me please thanks in advance.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: possible security problem

Post by kaisellgren »

First of all, use code tags around your code...

I think the problem might be that PHP is not able to create that "upload" folder?

I doubt this has anything to do with security, but I'll leave it for now...
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: possible security problem

Post by VladSun »

Use absolute path for $target_path
There are 10 types of people in this world, those who understand binary and those who don't
edis
Forum Newbie
Posts: 2
Joined: Wed Feb 25, 2009 6:34 pm

Re: possible security problem

Post by edis »

thanks a lot
Post Reply