Page 1 of 1

possible security problem

Posted: Wed Feb 25, 2009 6:41 pm
by edis
hi everyone,

File upload on my wamp for windows simply not working, the code looks like this:

<form enctype="multipart/form-data" action="uploads/uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>

it is very simple and I just want my server to accept the file and to be sure in it.
As I cannot find other problem that would possibly cause following problem:

Warning: move_uploaded_file(uploads/file.txt) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\wamp\www\try_upload\uploads\uploader.php on line 7

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\wamp\tmp\php23B3.tmp' to 'uploads/file.txt' in C:\wamp\www\try_upload\uploads\uploader.php on line 7
There was an error uploading the file, please try again!

I have no other option than to think that the problem is somewhere in configuration and security constrains.
Can anyone help me please thanks in advance.

Re: possible security problem

Posted: Wed Feb 25, 2009 6:56 pm
by kaisellgren
First of all, use code tags around your code...

I think the problem might be that PHP is not able to create that "upload" folder?

I doubt this has anything to do with security, but I'll leave it for now...

Re: possible security problem

Posted: Wed Feb 25, 2009 6:58 pm
by VladSun
Use absolute path for $target_path

Re: possible security problem

Posted: Thu Feb 26, 2009 11:47 am
by edis
thanks a lot