[Phpmyadmin-devel] insert/update row with file contents
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Tue Dec 12 16:40:37 CET 2006
Sebastian Mendel a écrit :
> Sebastian Mendel schrieb:
>> Marc Delisle schrieb:
>>> Sebastian Mendel a écrit :
>>>> Hi,
>>>>
>>>> is there an option to select a file from a user directory to be filled
>>>> into a field?
>>> Yes, try Insert into a table containing a BLOB.
>>>
>>>> if so, than tbl_replace_fields.inc.php handles this, but it uses
>>>> move_uploaded_file() on this file, did anybody test this this?
>>> It has been tested a few years ago.
>>>> does this work?
>>>>
>>>> move_uploaded_file() should only work on files uploaded by form ...
>>>>
>>>>
>>> On the Insert page, the file is uploaded thru a form.
>>
>> i am not talking about uploaded files via form, i am talking about the
>> file a user can select when $cfg['UploadDir'] is set
>>
>> if open_basedir restriction is set PMA checks for a directory ./tmp/,
>> only checks, but does not create it, i don't know if this mentioned
>> somewhere in the documentation
>>
>> if this directory exists and is writable, PMA trys to move the file out
>> of the $cfg['UploadDir'] to this tmp-directory with the function
>> move_uploaded_file() ... IMHO this will not work!
>>
>>
>> can anyone confirm?
>
> after manually creating this ./tmp/ directory in /phpMyAdmin/
> move_uploaded_file() returns false - this is what i expected
>
>
> my questions are:
>
> is it inetentionally that phpMyAdmin does not try to create this ./tmp/
> folder or use a config variable for this?
>
> did anyone test if PHP can move a file out of the open_basedir into the
> open_basedir ??? this would be senseless ...
This is precisely the goal of move_uploaded_file(), to take a file
validly uploaded thru PHP and to move it, respecting safe mode and the
open_basedir restrictions.
Marc
More information about the Developers
mailing list