SAFE_MODE and FileUpload

Anon

we are trying to install php on a multiple server platform with safe_mode enabled.
Fileupload is not working. We changed the tmp-directory to "./tmp" (as advised in the user contributed notes on php.net). Still doesn't work.

Has anyone got a clue?

Thanks in advance

Thomas

polson

Check out :

http://marc.theaimsgroup.com/?l=php-general&m=97932037429695&w=2

Anon

Supposing your server is Apache and PHP is an Apache module, then the file is uploaded with a owner of NOBODY (I mean, the Apache user). In safe mode, PHP won't open files if their owner is not the same as the PHP script's owner.

So you can set the script's owner to be the user who is running the Apache server, or you can set up SUID script to change the owner of the uploaded file to the owner of the PHP script.

Both solutions have their drawbacks. I think PHP sources should be changed to alleviate the file owner check when the file is an uploaded one.