Possible Security Issue With PHP Configuration

[zergling]

The php configuration included with plesk does not set a folder for upload_temp_dir which uploaded files are sent to. The problem is when this value is not set in php.ini it is automatically set to %temp% which usually is c:\windows\temp

To get uploads working properly for your php applications the proper permissions have to be set for this folder.....the problem is there are other temporary files placed in that folder that i am sure a host would not want someone having such access to a system folder..

i propose a value be set for php upload temp and the proper permissions set for it.

 

[wscreate]

Originally posted by zergling
The php configuration included with plesk does not set a folder for upload_temp_dir which uploaded files are sent to. The problem is when this value is not set in php.ini it is automatically set to %temp% which usually is c:\windows\temp

To get uploads working properly for your php applications the proper permissions have to be set for this folder.....the problem is there are other temporary files placed in that folder that i am sure a host would not want someone having such access to a system folder..

i propose a value be set for php upload temp and the proper permissions set for it.

I believe your suggestion is reasonable.