open_basedir and uploads [Archive]

View Full Version : open_basedir and uploads

pascal

09-30-2006, 01:03 PM

Hello,

It's look like there is a pbm wether in php or chroot env or in some softs.

We use open_basedir to restrict the directories a user might use.

for example
php_admin_value open_basedir "/chroot/home/webalpac:/tmp"

Some users complains for their uploads doesn't work in some softwares like :
oscommerce
dotproject

Here is an error returned by the soft
Error: File upload not saved.

1: [client 62.147.195.25] PHP Warning: move_uploaded_file(): open_basedir restriction in effect. File(/home/webalpac/webalpa.com/html/boutique123/images/80_photo3.jpg) is not within the allowed path(s): (/chroot/home/webalpac/webalpa.com/html:/tmp) in /chroot/home/webalpac/webalpa.com/html/boutique123/admin/includes/classes/upload.php on line 94, referer: http://webalpa.com/boutique123/admin/categories.php?cPath=&action=new_product

As you can see the error say the file /home/webalpac/webalpa.com/html/boutique123/images/80_photo3.jpg is not in an allowed path, which are /chroot/home/webalpac/webalpa.com/html:/tmp

So the file is in the allowed path.

I've also tried to add in the open_basedir the /home/webalpac rather than /chroot/home/webalpac but the result is exactly the same.

Any ideas ?

Pascal

IWorx-Chris

09-30-2006, 01:05 PM

pascal

09-30-2006, 01:19 PM

This isn't going to b a great fix but you could probably change the oscommerce / dotproject config files to reference /chroot/home where they reference /home now. I'm not sure why PHP isn't doing a 'realpath' and resolving the actual paths but the above should fix the error at least.

Chris

I've already done this but the problem is the same. It's look like they use move_iuploqded_file and looks like it might be a php bug.

Thanks

Pascal

IWorx-Chris

09-30-2006, 01:43 PM

hmm. it's definitely possible that it's a PHP bug. I've run into more bugs in the open_basedir stuff than I'd care to mention.

Chris