solved can't upload image/files problem

[Soma]

Once again, I got a problem with a hosting where I can't upload images/files.

It just uploads to 100% then the bar disappears and it's like before. In the post I see this message:

1. error: false
   
2. message: "Page not saved (no changes)"
   

Filepermission seems ok. Install went normal. Any ideas what to look for? I can provide phpinfo if needed.

PHP version is:

PHP/5.2.4-2ubuntu5.23

[ryan]

Soma, send me the phpinfo if you can. I'm wondering about any safe mode or open basedir settings.

[Soma]

I sent you a PM. Thanks. Safe mode is off.

[Soma]

I tried again with debug turned on. This seems to be issue with open_basedir

Warning: tempnam() [<a href=function.tempnam'>function.tempnam</a>]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www:/usr/share/php) in /var/www/web8/web/pw/wire/core/Upload.php on line 126

Can you tell me what I should tell them?

[ryan]

Soma, try setting PHP to use a different upload tmp dir, from your /site/config.php

ini_set('upload_tmp_dir', dirname(__FILE__) . '/assets/cache/'); 

[Soma]

Thanks for the suggestions. I tried and not luck. It seems it can't be overwritten.

[Soma]

The hoster reponded that the function http://php.net/manua...et-temp-dir.php is the problem, in that it returns the default temp dir /tmp always, and she's not confident with adding this because of security reasons.

Edit: and she says that this sys_get_temp_dir isn't compatible with open_basedir... what do you think?

Edit:

Strange, when I add instead of sys_get_temp_dir -> realpath( $_ENV['TMPDIR']); the upload works, althought it throws an notice which hinders the image to be shown. It show after reloading the page. So it seems to upload.

The notice I get is:

<b>Notice</b>: Undefined index: TMPDIR in <b>/var/www/web8/web/pw/wire/core/Upload.php</b> on line <b>125</b><br />

[{"error":false,"message":"Added file: teflon2.jpg","file":"\/pw\/site\/assets\/files\/1001\/teflon2.jpg","size":129854,"markup":

realpath( $_ENV['TMPDIR']) : returns -> /var/www/web8/web

sys_get_temp_dir: returns -> /tmp

Edit:

When I add @ before the @realpath( $_ENV['TMPDIR'] ); it works without the notice...

What you do think Ryan? How is this possible, and how to fix it so it works for all scenarios?

[ryan]

Soma, the code we're using right now to find the upload temp directory is this:

$dir = ini_get('upload_tmp_dir');
if(!$dir || !is_writable($dir)) $dir = sys_get_temp_dir();

sys_get_temp_dir() is only used as a fallback if the system has no defined upload_tmp_dir.

I would think that if a host were to be using open_basedir() they should at least set an upload_tmp_dir in their PHP, or at the very least, allow you to set it (with a site-specific php.ini or something). It seems like their PHP settings may be set to discourage use of file uploads. Here's a couple of related threads:

The error you are getting with the $_ENV['TMPDIR'] indicates that there's no value set for TMPDIR. So your realpath() call is very likely operating on the value NULL and returning the web root (which may be writable, but not desirable).

---

Edit: just added a new $config->uploadTmpDir that you can set in your /site/config.php. This will override PHP's upload_tmp_dir for ajax uploads only (I don't think we can override that on non-ajax uploads). I recommend creating this dir:

/site/assets/uploads/

Then add it to the disallowed directories in your .htaccess file. Basically add it in with the other assets dirs like cache and sessions.

Then update your /site/config.php:

$config->uploadTmpDir = dirname(__FILE__) . '/assets/uploads/';

Now see if it works?

[Soma]

Thanks so much Ryan for the active help! But finally we sorted it out, and she agreed to add the /var/.../phptmp folder, that was already there in the web root, to the php ini "upload_tmp_dir". Now it works again flawless.

Anyway, the new available option you implemented may come in useful for someone.