[NTLUG:Discuss] default uploaded file's permission problem

m m llliiilll at hotmail.com
Fri Mar 4 09:43:10 CST 2005 


>From: "Patrick R. Michaud" <pmichaud at pobox.com>
>Reply-To: NTLUG Discussion List <discuss at ntlug.org>
>To: NTLUG Discussion List <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] default uploaded file's permission problem
>Date: Fri, 4 Mar 2005 08:59:40 -0600
>
>On Fri, Mar 04, 2005 at 01:36:48PM +0000, m m wrote:
> > 3. I add the umask on the php code, the result is the same. (see below)
> >
> > umask (); //********* add here
> > $categories_image = tep_get_uploaded_file('categories_image');
> > $image_directory = tep_get_local_path(DIR_FS_CATALOG_IMAGES);
> >
> > if (is_uploaded_file($categories_image['tmp_name'])) {
> > tep_db_query("update " . TABLE_CATEGORIES . " set categories_image = '" 
>.
> > $categories_image['name'] . "' where categories_id = '" .
> > tep_db_input($categories_id) . "'");
> > umask (); //**************** add another here
> > tep_copy_uploaded_file($categories_image, $image_directory);
> > }
>
>Ummm, you added the calls to umask but didn't supply parameters?
>Shouldn't those umask calls be
>
>     umask(022);

hmmm.... I don't remember if I did the it or not. but I will try again. 
Thanks.

Still don't underatand the same code on other 2 different servers don't have 
such problem. This is really bug me.


>
>...?  Calling umask() with no arguments doesn't change the umask,
>it just returns the value of the current umask.
>
> > why is the default permission is 600? not 700? there must be some where 
>can
> > set it bo be what we want!
>
>I'm not sure it's the "default" permission, or that there is a default
>umask setting in PHP.  One of my users recently reported that on his
>system the umask settings of php scripts can be carried from one
>script to the next.  I.e., if someone runs a PHP script that sets
>umask(0177), then later executions of other php scripts that don't
>set umask can receive the setting left over from the previous
>script executions.  Ouch.  I can see how this would be possible, but
>it sounds to me like a PHP or Apache implementation bug if it's true.

Just FYI, This may be the hint? (I have no idea how to tell " PHP is being 
used as a server module".)

umask() sets PHP's umask to mask & 0777 and returns the old umask. When PHP 
is being used as a server module, the umask is restored when each request is 
finished.



>(AFAIK I've never run into this problem myself, as PmWiki always sets
>its own umask value. :-).



>
>Pm
>
>
> > >From: "Patrick R. Michaud" <pmichaud at pobox.com>
> > >Reply-To: NTLUG Discussion List <discuss at ntlug.org>
> > >To: NTLUG Discussion List <discuss at ntlug.org>
> > >Subject: Re: [NTLUG:Discuss] default uploaded file's permission problem
> > >Date: Thu, 3 Mar 2005 23:52:26 -0600
> > >
> > >On Fri, Mar 04, 2005 at 04:23:40AM +0000, m m wrote:
> > >>
> > >> I upload the file with ftp, and get new created file permission 755.
> > >> but if I use oscommerce /admin/categories.php to upload image, it 
>always
> > >> set 600 (-wr-------) only.
> > >>
> > >> I have try to set umask 022 or umask 000 on the /etc/profile and it 
>does
> > >> not work.
> > >
> > >Setting umask in /etc/profile won't help with a php-upload script
> > >via a webserver, because there's nothing to "log in" that would
> > >process /etc/profile.
> > >
> > >It's likely that the only thing that will be able to affect the
> > >permissions of the uploaded file will be the categories.php script
> > >itself.  If categories.php is is simply moving the uploaded file
> > >from the sandbox into the filesystem (and not doing anything else
> > >to change the file permissions in the process), then the file is
> > >likely to end up with 600 permissions.
> > >
> > >In short, oscommerce will be the likely place to look for the answer to
> > >this question.
> > >
> > >Pm
> > >
> > >_______________________________________________
> > >https://ntlug.org/mailman/listinfo/discuss
> >
> > _________________________________________________________________
> > FREE pop-up blocking with the new MSN Toolbar - get it now!
> > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
> >
> >
> > _______________________________________________
> > https://ntlug.org/mailman/listinfo/discuss
>
>_______________________________________________
>https://ntlug.org/mailman/listinfo/discuss

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the Discuss mailing list