throw new Exception($this->check_file_error($this->file)." ".$this->filename);
This always return the UPLOAD_ERR_OK error from move_uploaded_file().
How do I go about tracking down the issue? Every time I read about that error code online, I read that all should be good-to-go, however my file is not in the upload directory.
Seems it’s a SAFE MODE issue. The above was part of an AJAX script, so the gross PHP error(s) was not something I was able to see.
Is there a way to get around this Safe Mode issue?
Warning: mkdir() [function.mkdir]: SAFE MODE Restriction in effect. The script whose uid is 10055 is not allowed to access /var/www/vhosts/digitalmedia.ca/httpdocs/test-dir/test-subdir owned by uid 48 in /var/www/vhosts/digitalmedia.ca/httpdocs/upload-test.php on line 21
Also, any idea how to actual return those types of errors from an AJAX PHP script?
I have read PHP’s documentation, or lack thereof, of safe mode. Can you explain, if your own words, what it is and what it attempts to accomplish? Often, it’s best to hear it from someone not writing a tech document haha.
I have gotten around this by using ftp commands in the PHP script. I’m not sure why, but it uses a different ownership of the created folder and the actions I am able to accomplish with it. A little but of fiddling around to get it going, but it works and is a great little work-around to know about.
“Safe Mode” was created to try and limit the damage of a potential attack where the server was compromised (e.g., where an attacker managed to upload their own scripts; or, to prevent a malicious webmaster from taking over a shared server).
The idea was to limit each PHP user to their own directory sub-tree (so it would not be possible to access files/directories belonging to other users and/or the operating system). It also disables/restricts certain functions (generally, filesystem-related functions).
Problem is, it’s useless. If safe mode is on, PHP might not be able to read the `tmp/` directory and steal sessions from other users, but that assumes that the attacker doesn’t know how to do the same thing with perl (or bash, etc.). This is the sort of problem that needs to be addressed at the server level, not the PHP level.
In the meantime, you see the phrase “safe mode” and assume that means that everything is safe. So you stop worrying about possible weaknesses in your scripts. Guess what happens next? :)
And, in the meantime, you can’t do useful things like creating a new directory to store a temporary file in.