On Jan 20, 9:17 pm, "Batmanuel" <antonioet...@gmail.comwrote:
Good evening people, little question here... I'm trying to get this
file upload script to work but it tells me that move_uploaded_file()
fails because it doesn't have permission for the /tmp directory where
the file is before the move. I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?
Thanks for any help you can provide...
Well, I've long since fixed it and shamefully forgot to check my thread
here. I apologize for that, guys.
>double check, I would guess that you do not have permissions for
the target directory. I ran into the same problem and had to
chmod to give other write to that directory, which is a problem.
move_uploaded file runs with the php or apache user, not you.
bill
Yup, that was mostly it. I'll try to make it so that only the apache
user has permissions now that you mention it. Its probably safer that
way.
>Did you notice the /tmp folder should exist on your webserver, not on your
local drive? I made that mistake earlier and it took me quite some time to
solve the problem...
Excellent point, I hadn't noticed that but I ended up making a temp
folder of my own just for the purposes of the site so wouldn't have to
mess with the permissions of my /tmp directory.
>Giving the target directory write permissions isn't necessarily a big
risk, but you do need to try and ensure that your scripts can't be used
to move arbitrary files to the target directory, so check content-type
and file extension.
--
Curtis
Will do. Thanks for the input guys and again, I'm sorry I forgot about
this topic here.