PHP UPLOAD_ERR_OK, however no file

[fooman]

I have a script that uploads a file.

if(!@move_uploaded_file($this->file, $this->filename))

throw new Exception($this->check_file_error($this->file)."
".$this->filename);

This always return the UPLOAD_ERR_OK error from move_uploaded_file().
How do I go about tracking down the issue? Every time I read about that error code online, I read that all should be good-to-go, however my file is not in the upload directory.

[__]

Test it by visiting the page directly (not using Ajax).

To get around safe mode, turn safe mode **off**. Talk to your host. If they won’t do it, I’d honestly suggest finding a new host.

Safe mode solves nothing, creates a false sense of security, and (obviously) is a hindrance for you.

In addition, safe mode is deprecated and was removed in PHP 5.4.

[__]

“Safe Mode” was created to try and limit the damage of a potential attack where the server was compromised (e.g., where an attacker managed to upload their own scripts; or, to prevent a malicious webmaster from taking over a shared server).

The idea was to limit each PHP user to their own directory sub-tree (so it would not be possible to access files/directories belonging to other users and/or the operating system). It also disables/restricts certain functions (generally, filesystem-related functions).

Problem is, it’s useless. If safe mode is on, PHP might not be able to read the `tmp/` directory and steal sessions from other users, but that assumes that the attacker doesn’t know how to do the same thing with perl (or bash, etc.). This is the sort of problem that needs to be addressed at the server level, not the PHP level.

In the meantime, you see the phrase “safe mode” and assume that means that everything is safe. So you stop worrying about possible weaknesses in your scripts. Guess what happens next? :)

And, in the meantime, you can’t do useful things like creating a new directory to store a temporary file in.

[Author]

Posts