Topic: php.ini

[davelister]

G'day

Once again I come humbling looking for advise and help

I suspect I have stuffed my php.ini all of my wordpress sites are now unable to upload automatically to wp-content/uploads folder. I can upload via ftp with no problems, and I have checked all of my permissions on the directories needed.

I have checked out my php configuration and noticed the 'upload_tmp_dir' is set at 'no value'. Could someone please confirm that 'no value' is the default setting within php configuration?

[cactus]

I suspect I have stuffed my php.ini all of my wordpress sites are now unable to upload automatically to wp-content/uploads folder. I can upload via ftp with no problems, and I have checked all of my permissions on the directories needed.

AFAIK this is default behavior and you did not stuff anything.

I have checked out my php configuration and noticed the 'upload_tmp_dir' is set at 'no value'. Could someone please confirm that 'no value' is the default setting within php configuration?

AFAIK that is default. But to be sure you can check that you do not have the following folders:
/etc/e-smith/templates-custom/etc/php/
/etc/e-smith/templates-user/etc/php/
/etc/e-smith/templates-user-custom/etc/php/
If they do not exist you do not have custom template fragments and all is done using the normal template fragments and the internal configuration database.

All internal configuration settings can be reviewed with the following command:

Code: [Select]

db configuration show php

[davelister]

thanks very much for the help cactus... I nearly went blind re reading the manual

I fixed the problem by the following and would love to know if there are any mistakes I should be aware of:

db accounts setprop IBAYNAMEHERE PHPBaseDir /home/e-smith/files/ibays/IBAYNAMEHERE/:/tmp

signal-event ibay-modify IBAYNAMEHERE

[cactus]

I am not sure that uploading to /tmp really is what you desire. It might be a security issue IIRC.

[Normando]

I am not sure that uploading to /tmp really is what you desire. It might be a security issue IIRC.

Cactus, a lot of php aplications need to store temporary files under the defined directory in php.ini wich is /tmp. See session.save_path in php.ini.

So, OpenBaseDir configuration including /tmp is correct.

[cactus]

Cactus, a lot of php aplications need to store temporary files under the defined directory in php.ini wich is /tmp. See session.save_path in php.ini.

If almost everyone does it, it does not make it safe. I see lots of people crossing busy streets when the red light is on... but that does not make it safe does it?

So, OpenBaseDir configuration including /tmp is correct.

I never said it was incorrect... I said it might be a security issue.

[davelister]

thanks for the input everyone.

Cactus I value your input regarding security, is there another option I can follow? At the moment our company website uses a wordpress theme which requires the upload in order to rotate the 'feature image', the company also runs a contact database which requires the upload feature for photos to make student id cards and library cards. If there is another way I would love to give it a go.

[janet]

davelister

IIRC you create a tmp folder under the ibay html folder ie
.../ibayname/html/tmp/
and then specify that location using the db command mentioned.
That way different apps use different tmp folders and hackers cannot gain access via unintended web access granted to other files in /tmp, which may be associated with buggy apps or apps with security vulnerabilities.

[davelister]

I think I understand it now: I can create a tmp folder in the ibay and give permission using the db command just to that tmp directory in the ibay and then associate that app with the tmp folder created.

mmm seeing how I am the only guy here with the slightest chance of looking after IT, and I am only part time... security is the number one importance for the people here. So I might have to come up with an alternative plan for the wordpress 'featured image' and the upload images for the ID cards.

Thanks for input people. If anyone else has some suggestions I would be keen to hear form you

[Normando]

I can't found a solution to this issue. I have disable /tmp in allowed paths, and now I can't upload images to WP. Also I read WP forums and added a new WP variable named WP_TEMP_DIR to the folder I have created at ibay/html/tmp, but not work.

Also horde use the /tmp folder. Look at horde config.php file