Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: move_uploaded_file breaks safe_mode restrictions in PHP
From: sesser () php net
Date: Fri, 22 Mar 2002 11:05:23 +0100

Hi,

maybe i should simply quote the documentation at:

http://www.php.net/manual/en/function.move-uploaded-file.php

it says:

Note: move_uploaded_file() is not affected by the normal safe-mode 
UID-restrictions. This is not unsafe because move_uploaded_file() 
only operates on files uploaded via PHP. 

maybe all the guys complaining should first read the documentation
of move_uploaded_file. It is wrong because it states that 
move_uploaded_file is safe_mode unaware (and it was only not aware
of safe_mode because of that bug) but how comes you assume it is
safe_mode aware if the documentation says it is not?
Before crying around: RTFM. And feel free to disable 
move_uploaded_file () in your php.ini

The next release of php will have move_uploaded_file() fully
safe_mode aware. This feature is now added.

Stefan Esser


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]