PHP Configuration hell
Sunday, September 2nd, 2007
From the Apache2 configuration file for host example.com:
php_admin_value upload_tmp_dir "/var/www/example.com/tmp/"
From the file /var/www/example.com/htdocs/test.php:
Then, after trying to upload a file, from the /var/www/example.com/logs/error.log:
[Sun Sep 02 18:09:05 2007] [error] [client 126.96.36.199] PHP Warning: Unknown: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/example.com/) in Unknown on line 0, referer: http://example.com/test.php [Sun Sep 02 18:09:05 2007] [error] [client 188.8.131.52] PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0, referer: http://example.com/test.php
I’ll highlight the important part for you: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s):.
The lesson?? PHP needs to STOP silently ignoring errors and stop just using the default value when errors are encountered! The problem was that I specified the wrong upload_tmp_dir. It should have been /var/www/example.com/htdocs/tmp/. PHP should have thrown an error because this directory doesn’t exist (it has detected this, because it falls back to the default of /tmp) and not just continue.
PHP’s configuration implementation is one of the worst I’ve ever seen, and whoever’s responsible for these kinds of problems should feel ashamed. PHP, like MySQL, is way to lenient when it comes to errors; silently trying to ‘recover’ from them. And people wonder why they’re considered such bad projects?
A tip for PHP’s developers: Fail early and fail loudly.