• # February 15, 2013 at 11:23 am

    I have a script that uploads a file.

    if(!@move_uploaded_file($this->file, $this->filename))
    throw new Exception($this->check_file_error($this->file)."

    This always return the UPLOAD_ERR_OK error from move_uploaded_file().
    How do I go about tracking down the issue? Every time I read about that error code online, I read that all should be good-to-go, however my file is not in the upload directory.

    # February 15, 2013 at 1:53 pm

    This reply has been reported for inappropriate content.

    Seems it’s a SAFE MODE issue. The above was part of an AJAX script, so the gross PHP error(s) was not something I was able to see.

    Is there a way to get around this Safe Mode issue?

    Warning: mkdir() [function.mkdir]: SAFE MODE Restriction in effect. The script whose uid is 10055 is not allowed to access /var/www/vhosts/ owned by uid 48 in /var/www/vhosts/ on line 21

    Also, any idea how to actual return those types of errors from an AJAX PHP script?

    # February 15, 2013 at 7:03 pm

    Test it by visiting the page directly (not using Ajax).

    To get around safe mode, turn safe mode **off**. Talk to your host. If they won’t do it, I’d honestly suggest finding a new host.

    Safe mode solves nothing, creates a false sense of security, and (obviously) is a hindrance for you.

    In addition, safe mode is deprecated and was removed in PHP 5.4.

    # February 17, 2013 at 11:23 pm

    This reply has been reported for inappropriate content.

    I have read PHP’s documentation, or lack thereof, of safe mode. Can you explain, if your own words, what it is and what it attempts to accomplish? Often, it’s best to hear it from someone not writing a tech document haha.

    I have gotten around this by using ftp commands in the PHP script. I’m not sure why, but it uses a different ownership of the created folder and the actions I am able to accomplish with it. A little but of fiddling around to get it going, but it works and is a great little work-around to know about.

    # February 17, 2013 at 11:49 pm

    “Safe Mode” was created to try and limit the damage of a potential attack where the server was compromised (e.g., where an attacker managed to upload their own scripts; or, to prevent a malicious webmaster from taking over a shared server).

    The idea was to limit each PHP user to their own directory sub-tree (so it would not be possible to access files/directories belonging to other users and/or the operating system). It also disables/restricts certain functions (generally, filesystem-related functions).

    Problem is, it’s useless. If safe mode is on, PHP might not be able to read the `tmp/` directory and steal sessions from other users, but that assumes that the attacker doesn’t know how to do the same thing with perl (or bash, etc.). This is the sort of problem that needs to be addressed at the server level, not the PHP level.

    In the meantime, you see the phrase “safe mode” and assume that means that everything is safe. So you stop worrying about possible weaknesses in your scripts. Guess what happens next? :)

    And, in the meantime, you can’t do useful things like creating a new directory to store a temporary file in.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.