[NTLUG:Discuss] default uploaded file's permission problem
Patrick R. Michaud
pmichaud at pobox.com
Fri Mar 4 08:59:40 CST 2005
On Fri, Mar 04, 2005 at 01:36:48PM +0000, m m wrote:
> 3. I add the umask on the php code, the result is the same. (see below)
>
> umask (); //********* add here
> $categories_image = tep_get_uploaded_file('categories_image');
> $image_directory = tep_get_local_path(DIR_FS_CATALOG_IMAGES);
>
> if (is_uploaded_file($categories_image['tmp_name'])) {
> tep_db_query("update " . TABLE_CATEGORIES . " set categories_image = '" .
> $categories_image['name'] . "' where categories_id = '" .
> tep_db_input($categories_id) . "'");
> umask (); //**************** add another here
> tep_copy_uploaded_file($categories_image, $image_directory);
> }
Ummm, you added the calls to umask but didn't supply parameters?
Shouldn't those umask calls be
umask(022);
...? Calling umask() with no arguments doesn't change the umask,
it just returns the value of the current umask.
> why is the default permission is 600? not 700? there must be some where can
> set it bo be what we want!
I'm not sure it's the "default" permission, or that there is a default
umask setting in PHP. One of my users recently reported that on his
system the umask settings of php scripts can be carried from one
script to the next. I.e., if someone runs a PHP script that sets
umask(0177), then later executions of other php scripts that don't
set umask can receive the setting left over from the previous
script executions. Ouch. I can see how this would be possible, but
it sounds to me like a PHP or Apache implementation bug if it's true.
(AFAIK I've never run into this problem myself, as PmWiki always sets
its own umask value. :-).
Pm
> >From: "Patrick R. Michaud" <pmichaud at pobox.com>
> >Reply-To: NTLUG Discussion List <discuss at ntlug.org>
> >To: NTLUG Discussion List <discuss at ntlug.org>
> >Subject: Re: [NTLUG:Discuss] default uploaded file's permission problem
> >Date: Thu, 3 Mar 2005 23:52:26 -0600
> >
> >On Fri, Mar 04, 2005 at 04:23:40AM +0000, m m wrote:
> >>
> >> I upload the file with ftp, and get new created file permission 755.
> >> but if I use oscommerce /admin/categories.php to upload image, it always
> >> set 600 (-wr-------) only.
> >>
> >> I have try to set umask 022 or umask 000 on the /etc/profile and it does
> >> not work.
> >
> >Setting umask in /etc/profile won't help with a php-upload script
> >via a webserver, because there's nothing to "log in" that would
> >process /etc/profile.
> >
> >It's likely that the only thing that will be able to affect the
> >permissions of the uploaded file will be the categories.php script
> >itself. If categories.php is is simply moving the uploaded file
> >from the sandbox into the filesystem (and not doing anything else
> >to change the file permissions in the process), then the file is
> >likely to end up with 600 permissions.
> >
> >In short, oscommerce will be the likely place to look for the answer to
> >this question.
> >
> >Pm
> >
> >_______________________________________________
> >https://ntlug.org/mailman/listinfo/discuss
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar - get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list