Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Stephen Sloan on February 28, 2002, 10:48:41 PM
-
I'm working on an application that uses PHP as a front end to a mySQL database. Part of the application uploads an image file (jpg) into the database table. I'm getting the following error messages:
"Warning: open_basedir restriction in effect. File is in wrong directory in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141
Warning: fopen("/tmp/phpFbCqoY","rb") - Operation not permitted in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141
Warning: Supplied argument is not a valid File-Handle resource in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141"
Line 141 is: "$data = addslashes(fread(fopen($binFile, "rb"), filesize($binFile)));"
Anyone got any ideas about this error. Is this a restriction on ibays (the application is running in an ibay).
BTW
I'm not much of a programer so keep the replies basic. I'm trying to reconfigure a script I copied from someone else.
-
First of all, MySQL has nothing to do with this problem.
The user which is running apache (www) is not allowed to read the file $binFile. If you fix that, the problem will be solved.
-
A search of these forums will reveal a few discussions on the PHP security feature thats currently causing you grief. ( eg http://forums.contribs.org/index.php?topic=12706.msg47725#msg47725 )
Regards,
Luke
-
Thanks Luke, your fix solved my problem. What security implications does this have, especially in light of the recent hole discovered in PHP?
http://security.e-matters.de/advisories/012002.html
-
Your guess is as good as mine. I'm not sure whether the current hole allows files outside of the 'sandbox' to be altered or not.
Regards,
Luke