Re: move_uploaded_file breaks safe_mode restrictions in PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

maybe i should simply quote the documentation at:

http://www.php.net/manual/en/function.move-uploaded-file.php

it says:

Note: move_uploaded_file() is not affected by the normal safe-mode 
UID-restrictions. This is not unsafe because move_uploaded_file() 
only operates on files uploaded via PHP. 

maybe all the guys complaining should first read the documentation
of move_uploaded_file. It is wrong because it states that 
move_uploaded_file is safe_mode unaware (and it was only not aware
of safe_mode because of that bug) but how comes you assume it is
safe_mode aware if the documentation says it is not?
Before crying around: RTFM. And feel free to disable 
move_uploaded_file () in your php.ini

The next release of php will have move_uploaded_file() fully
safe_mode aware. This feature is now added.

Stefan Esser


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux