class.upload.php is a powerful and mature PHP class to manage uploaded files, and manipulate images in many ways. The script is available under a GPL license.
This is what my ISP suggests:
"PHP includes a function specifically to do what is described above and which works with "open_basedir" restrictions (that is partially why it was created in the first place): http://ca.php.net/manual/en/function.is-uploaded-file.php
Code should never be working out of the global temp directory since that would be a security issue (i.e. if you can access it directly, so can other customers). It is the same concept as why user code should not have direct access to the global session directory.
So the upload class needs to use "is_uploaded_file()" and "move_uploaded_file()" for sanity checking and moving the upload to a local directory respectively. Any actual manipulation of the file definitely needs to happen locally in your account.
Here is what the upload class should be doing for its file test (assuming that "file_src_pathname" has been taken from the $_FILES array value for "tmp_name"):
    if ($this->processed && !is_uploaded_file($this->file_src_pathname)) {
        $this->processed = false;
        $this->error = _("No source file. Can't carry on a process");
    }
"file_exists()" can only access files which are within the "open_basedir" setting."
So I did that and tried another PDF upload, and I now get a different error:
file not uploaded to the wanted location
Error: Source file is not readable. Can't carry on a process
source is an uploaded file
- upload OK
- file name OK
- source variables
file_src_name : emrys_cv_jan2004.pdf
file_src_name_body : emrys_cv_jan2004
file_src_name_ext : pdf
file_src_pathname : /data/temp/phpG22U2X
file_src_mime : application/pdf
file_src_size : 1490859 (max= 134217728)
file_src_error : 0
process file to /data/in/b/beverley/www/select/locations/test/
- file size OK
- file mime OK : application/pdf
- file name safe format
- destination variables
file_dst_path : /data/in/b/beverley/www/select/locations/test/
file_dst_name_body : emrys_cv_jan2004
file_dst_name_ext : pdf
- image operation, keep extension
- checking for auto_rename
- destination file details
file_dst_name : emrys_cv_jan2004.pdf
file_dst_pathname : /data/in/b/beverley/www/select/locations/test/emrys_cv_jan2004.pdf
- emrys_cv_jan2004.pdf doesn't exist already
Maybe that will help isolate the problem.
Tom
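Added example, not part of the original post and not class.upload.php's own code: one way to follow the order the ISP describes, where the only calls made on the temp path are is_uploaded_file() and move_uploaded_file(), and every other file function runs on a copy inside the account. The function name stage_upload, the form field "userfile" and the staging directory are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Move one $_FILES entry into a directory inside the account (and inside
 * open_basedir) before any other file function touches it.
 * $stagingDir is a hypothetical path; keep it outside the web root.
 */
function stage_upload(array $file, string $stagingDir): string
{
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload entry');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    // Per the ISP's reply, this check works on the global temp path under
    // open_basedir, where file_exists() cannot reach.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Source is not an HTTP upload');
    }
    // Server-generated name: the client-supplied name is never used as a path.
    $local = rtrim($stagingDir, '/') . '/' . bin2hex(random_bytes(16)) . '.upload';
    if (!move_uploaded_file($file['tmp_name'], $local)) {
        throw new RuntimeException('Could not move upload into the staging directory');
    }
    chmod($local, 0600); // readable by this account only
    return $local;
}

if (isset($_FILES['userfile'])) { // 'userfile' is an assumed form field name
    try {
        $local = stage_upload($_FILES['userfile'], __DIR__ . '/staging');
        // From here on the file is local, so ordinary checks work.
        if (!is_readable($local)) {
            throw new RuntimeException('Staged file is not readable');
        }
        // Detect the type from the content, not from the browser's claim.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($local);
        if ($mime !== 'application/pdf') {
            unlink($local);
            throw new RuntimeException('Unexpected type: ' . $mime);
        }
        echo 'Stored as ' . basename($local);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . $e->getMessage();
    }
}
```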