12 Dec
2006
12 Dec
'06
12:11 p.m.
Hi,
is there an option to select a file from a user directory to be filled
into a field?
if so, than tbl_replace_fields.inc.php handles this, but it uses
move_uploaded_file() on this file, did anybody test this this?
does this work?
move_uploaded_file() should only work on files uploaded by form ...
--
Sebastian Mendel
www.sebastianmendel.de
12 Dec
12 Dec
12:33 p.m.
Sebastian Mendel a écrit :
Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form.
Marc
12:57 p.m.
Marc Delisle schrieb:
Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm?
--
Sebastian Mendel
www.sebastianmendel.de
Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form.
1:07 p.m.
Sebastian Mendel schrieb:
Marc Delisle schrieb:
after manually creating this ./tmp/ directory in /phpMyAdmin/
move_uploaded_file() returns false - this is what i expected
my questions are:
is it inetentionally that phpMyAdmin does not try to create this ./tmp/
folder or use a config variable for this?
did anyone test if PHP can move a file out of the open_basedir into the
open_basedir ??? this would be senseless ...
--
Sebastian Mendel
www.sebastianmendel.de
Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm? Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested
a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form.
1:12 p.m.
Sebastian Mendel a écrit :
Sebastian Mendel schrieb:
This might be impossible on a server running in safe mode, ownership
would be wrong.
Marc Delisle schrieb:
after manually creating this ./tmp/ directory in /phpMyAdmin/
move_uploaded_file() returns false - this is what i expected
my questions are:
is it inetentionally that phpMyAdmin does not try to create this ./tmp/ Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm? Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested
a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form. folder or use a config variable for this?
Could be done, but I wonder about the permissions.
did anyone test if PHP can move a file out of the open_basedir into the
open_basedir ??? this would be senseless ...
1:21 p.m.
Marc Delisle schrieb:
i don't understand why this file is moved (or better tried to be moved),
if the file can be accessed than i can read in the contents and there is
no need to move the file before read in the contents ...
i think nijel or garvin did write this code - anyone of you remember why
it is/was used this way?
--
Sebastian Mendel
www.sebastianmendel.de
Sebastian Mendel a écrit :
i didn't tried this, but can't imagine ...
Sebastian Mendel schrieb:
This might be impossible on a server running in safe mode, ownership
would be wrong. Marc Delisle schrieb:
after manually creating this ./tmp/ directory in /phpMyAdmin/
move_uploaded_file() returns false - this is what i expected
my questions are:
is it inetentionally that phpMyAdmin does not try to create this ./tmp/ Sebastian Mendel a écrit :
> Hi,
>
> is there an option to select a file from a user directory to be filled
> into a field?
Yes, try Insert into a table containing a BLOB.
> if so, than tbl_replace_fields.inc.php handles this, but it uses
> move_uploaded_file() on this file, did anybody test this this?
It has been tested a few years ago.
> does this work?
>
> move_uploaded_file() should only work on files uploaded by form ...
>
>
On the Insert page, the file is uploaded thru a form.
i am not talking about
uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm? folder or use
a config variable for this?
Could be done, but I wonder about the permissions. 
1:23 p.m.
Hi
On Tue, 12 Dec 2006 16:21:28 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
i think nijel or garvin did write this code - anyone
of you remember why
it is/was used this way?
I didn't write this code, maybe just move it around, but I never used
it.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
1:29 p.m.
Michal Čihař a écrit :
Hi
On Tue, 12 Dec 2006 16:21:28 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
I wrote it:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/tags/RELEASE_2_2_4/…
Marc
i think nijel or garvin did write this code -
anyone of you remember why
it is/was used this way?
I didn't write this code, maybe just move it around, but I never used
it.
1:40 p.m.
Sebastian Mendel a écrit :
Sebastian Mendel schrieb:
This is precisely the goal of move_uploaded_file(), to take a file
validly uploaded thru PHP and to move it, respecting safe mode and the
open_basedir restrictions.
Marc
Marc Delisle schrieb:
after manually creating this ./tmp/ directory in /phpMyAdmin/
move_uploaded_file() returns false - this is what i expected
my questions are:
is it inetentionally that phpMyAdmin does not try to create this ./tmp/
folder or use a config variable for this?
did anyone test if PHP can move a file out of the open_basedir into the
open_basedir ??? this would be senseless ... Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm? Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested
a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form.
1:48 p.m.
Marc Delisle schrieb:
yes, right,
but move_uploaded_file() is used there to move a NOT uploaded file - it
trys to move a file placed in $cfg['UploadDir'] by something other than
FORM - this should fail!
--
Sebastian Mendel
www.sebastianmendel.de
did anyone
test if PHP can move a file out of the open_basedir into the
open_basedir ??? this would be senseless ...
This is precisely the goal of move_uploaded_file(), to take a file
validly uploaded thru PHP and to move it, respecting safe mode and the
open_basedir restrictions.
1:07 p.m.
Sebastian Mendel a écrit :
Marc Delisle schrieb:
FAQ 1.11.
Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm?
Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested
a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form.
1:13 p.m.
Marc Delisle schrieb:
Sebastian Mendel a écrit :
http://wiki.cihar.com/pma/FAQ_1.11 talks about uploaded files, not files
from $cfg['UploadDir']
--
Sebastian Mendel
www.sebastianmendel.de
Marc Delisle schrieb:
FAQ 1.11. Sebastian Mendel a écrit :
i am not talking about uploaded files via form, i am talking about the
file a user can select when $cfg['UploadDir'] is set
if open_basedir restriction is set PMA checks for a directory ./tmp/,
only checks, but does not create it, i don't know if this mentioned
somewhere in the documentation
if this directory exists and is writable, PMA trys to move the file out
of the $cfg['UploadDir'] to this tmp-directory with the function
move_uploaded_file() ... IMHO this will not work!
can anyone confirm?
Hi,
is there an option to select a file from a user directory to be filled
into a field?
Yes, try Insert into a table containing a BLOB.
if so, than tbl_replace_fields.inc.php handles
this, but it uses
move_uploaded_file() on this file, did anybody test this this?
It has been tested
a few years ago.
does this work?
move_uploaded_file() should only work on files uploaded by form ...
On the Insert page, the file is uploaded thru a form. 
1:22 p.m.
Marc Delisle wrote:
FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
--
View this message in context:
http://www.nabble.com/insert-update-row-with-file-contents-tf2807721.html#a…
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
1:36 p.m.
Jürgen Wind a écrit :
Marc Delisle wrote:
FAQ 1.11 says
"Assuming that the restriction allows you to open files in the current
directory ('.')"
so IMO you need the dot into your open_basedir directive.
FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
2 p.m.
Marc Delisle wrote:
Jürgen Wind a écrit :
i don't think so, php.ini says:
; open_basedir, if set, limits all file operations to the defined directory
; and below.
;---8<---
open_basedir = /HTdocs
;TESTING
and i have pma in D:\HTdocs\pmaxxxx
--
View this message in context:
http://www.nabble.com/insert-update-row-with-file-contents-tf2807721.html#a…
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
Marc Delisle wrote:
FAQ 1.11 says
"Assuming that the restriction allows you to open files in the current
directory ('.')"
so IMO you need the dot into your open_basedir directive.
FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
2:08 p.m.
Jürgen Wind schrieb:
Marc Delisle wrote:
if your upload tmp dir (php.ini) is outside from of open_base_dir you
can not open the uplaoded file ...
using PHP 5.2.0, winxp, Apache tmp_name is even empty
--
Sebastian Mendel
www.sebastianmendel.de
Jürgen Wind a écrit :
i don't think so, php.ini says:
; open_basedir, if set, limits all file operations to the defined directory
; and below.
;---8<---
open_basedir = /HTdocs
;TESTING
and i have pma in D:\HTdocs\pmaxxxx
Marc Delisle wrote:
FAQ 1.11 says
"Assuming that the restriction allows you to open files in the current
directory ('.')"
so IMO you need the dot into your open_basedir directive.
FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
2:17 p.m.
Sebastian Mendel wrote:
Jürgen Wind schrieb:
yes, but the FAQ 1.11 says:
...*all* you have to do is create a 'tmp' directory under the phpMyAdmin
install directory, with permissions 777 and the same owner as the owner of
your phpMyAdmin directory. The uploaded files will be moved there, and after
execution of your SQL commands, removed.
in addition i second your opinion that there is no need for
move_uploaded_file if the file is
coming from upload_dir (my upload_dir is inside base_dir)
--
View this message in context:
http://www.nabble.com/insert-update-row-with-file-contents-tf2807721.html#a…
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
i don't think so, php.ini says:
; open_basedir, if set, limits all file operations to the defined
directory
; and below.
;---8<---
open_basedir = /HTdocs
;TESTING
and i have pma in D:\HTdocs\pmaxxxx
if your upload tmp dir (php.ini) is outside from of open_base_dir you
can not open the uplaoded file ...
using PHP 5.2.0, winxp, Apache tmp_name is even empty
--
Sebastian Mendel
2:34 p.m.
Jürgen Wind wrote:
Marc Delisle wrote:
ok,
my upload_tmp_dir was not inside open_basedir = /HTdocs
but this should only be used if the file comes from the "browse/upload from
local disk form"
--
View this message in context:
http://www.nabble.com/insert-update-row-with-file-contents-tf2807721.html#a…
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
2:44 p.m.
Jürgen Wind a écrit :
Jürgen Wind wrote:
I looked again at the code. This code has changed a lot since PMA 2.2.4
:) The original code (and FAQ 1.11) was only intended to make HTTP
uploads work with open_basedir restrictions, and move_uploaded_dir()
only handled uploaded files; the UploadDir mechanism was not related to
that.
The current code has a lot of problems. For example, fopen() at line 45
$val = fread(fopen($data_file, 'rb'), filesize($data_file));
fails if open_basedir is in effect.
There is also the move_uploaded_file() issue you mentionned.
Sebastian, are you working on this? If not, I can work on this.
Marc
Marc Delisle wrote:
ok,
my upload_tmp_dir was not inside open_basedir = /HTdocs
but this should only be used if the file comes from the "browse/upload from
local disk form" FAQ 1.11.
that doesn't help (at least not under windows) :
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(D:\php1B0.tmp) is not within the allowed path(s): (/HTdocs)
in D:\HTdocs\PmaTrunk\libraries\tbl_replace_fields.inc.php on line 45
---8<---
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'after ./tmp creation FAQ 1.11 ;)', '0', ''
);
1:10 p.m.
i can confirm that upload from uploaddir fails if base_dir is set to
"/htdocs" :
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'with base_dir restriktions', '0', ''
);
but works well if base_dir is not set.
--
View this message in context:
http://www.nabble.com/insert-update-row-with-file-contents-tf2807721.html#a…
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
1:15 p.m.
Jürgen Wind schrieb:
i can confirm that upload from uploaddir fails if
base_dir is set to
"/htdocs" :
Inserted rows: 1
Warning (1265): Data truncated for column 'c1' at row 1
SQL query:INSERT INTO `blobUplTest` ( `c1` , `DATE` , `blobF` )
VALUES (
'with base_dir restriktions', '0', ''
);
yes, this is what i expected,
so this piece of code is absolutely useless, if someone places the
$cfg['UploadDir'] out of open_base_dir ...
but works well if base_dir is not set.
yes, if open_base_dir is not set, move_uploaded_file() is not invoked
--
Sebastian Mendel
www.sebastianmendel.de
6479
days inactive
6479
days old
20 comments
5 participants
participants (5)
-
Jürgen Wind -
Marc Delisle -
Marc Delisle
-
Michal Čihař -
Sebastian Mendel