Unknown error occured, file not uploaded

[Petalo]

Hi,

I'm running v.0.611-cvs and had following error using the add media feature while uploading a little gif from 3 kb:

"Unknown error occured, file not uploaded. Maybe your filesize is larger than the maximum size allowed by your server installation. Check with your ISP or edit your php.ini file to allow larger file size uploads"

I don't expect it to be much but I haven't solved it yet. I checked the php.ini and file uploads are on. It's a default php installation so the filesize shouldn't be the problem.

Is it a maybe httpd.conf thingy?
Like livin' on the edge anyway

My configuration:
OS: WindowsXP
MySQL 4018
Apache 1.13
PHP 4
S9Y v.0.611-cvs

[garvinhicking]

Hi Petalo!

This error message only occurs when move_uploaded_file() failed. That's an internal PHP function. Please look at http://www.php.net/move_uploaded_file - do you maybe run PHP in safe mode?

Regards,
Garvin

[Petalo]

Thx Garving,
Read about move_uploaded_file() like you suggested, but it's still a mystery to me, because I assume I upload a valid file (tried several files).
I run also mamboserver (CMS based on PHP) in the same environment. Here uploading and publishing the same stuff isn't a problem. Could moving files be different between the two?
BTW: checked the PHP.INI and "safe mode" is off

[steenslag]

Same thing here:

"Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 10418 is not allowed to access /home/httpd/vhosts/dorinde.nl/httpdocs/kvd/uploads owned by uid 48 in /home/httpd/vhosts/dorinde.nl/httpdocs/kvd/serendipity_admin_images.inc.php on line 155
Unknown error occured, file not uploaded. Maybe your filesize is larger than the maximum size allowed by your server installation. Check with your ISP or edit your php.ini file to allow larger file size uploads."

Apparently it's not happy about a thing called uid. Me too. Nasty rotten little uid.

This is the third install. May be this directory is a remnant of an older installation? (current is Serendipity v.0.6.12-CVS )

[Petalo]

Steenslag,

In your case safe mode is on in your PHP.INI and I believe I have read that then some security is in effect.
For troubleshooting purposes you could try to turn safe mode off and see if things work.

[tomsommer]

It seems the UID of the upload folder does not match the UID of the rest of the scripts, in case you are on a shared server - please ask your systems administrator to change the UID for all your files and folders - so they share the same user.

[Thomas]

Hi,

playing around with s9y on W2K I encountered the same problem with the file upload.
I added just before line 155 following line:

Code: Select all

echo $_FILES['userfile']['tmp_name']."<br>\n";

and came along that result:

Code: Select all

C:xampptmpphp4B.tmp

So it seems that the slashes are lost somehow and so the file cannot be found.

The solution lies in the parameter "magic_quotes_gpc". The parameter should be turned off in your working php.ini when running on a Billyboy release.

Regards, Thomas

[tomsommer]

hrm, this might be our fault after all, will look into it

[Thomas]

Hi,

well, from my point of view you can't do something against when the useris using a Windows platform. The parameter magic_quotes_gpc translates the '\' anyway so $_FILES['myfile']['tmp_name'] well be modified.

Regards, Thomas

[tomsommer]

afaik, $_FILES['myfile']['tmp_name'] is not affected by _gpc, rather I suspect it is our stripslashes function that is nuking the '\'

[Thomas]

Hi Tom,

well I read through again the manual at php.net and didn't find any hint about $_FILES and magic_quotes_gpc.
There's only one note about the tmp_name at the end of that page:
http://www.php.net/manual/en/features.file-upload.php
The message from brion at pobox dot com.

Suggestion: I'll try it out tomorrow and post here the results. Let's see what happens then.

[Thomas]

Hi,

well, I tested the case today on my local installation and here are the results.

Here with magic_quotes_gpc enabled but in the file compat.php the $_FILES walkthrough is commented out (line 94-96):

Code: Select all

Array ( [userfile] => Array ( [name] => 0182.jpg [type] => image/jpeg [tmp_name] => C:\XAMPP\xampp\tmp\php1B.tmp [error] => 0 [size] => 42835 ) )
magic_quotes_gpc is: 1
File 0182.jpg successfully uploaded as C:/XAMPP/xampp/htdocs/s9y/uploads/0182.jpg
Thumbnail created.
Done.

The next try I uncommented $_FILES from compat.php (line 94-96) and here's the result:

Code: Select all

Array ( [userfile] => Array ( [name] => 005-4.jpg [type] => image/jpeg [tmp_name] => C:XAMPPxampptmpphp1C.tmp [error] => 0 [size] => 47071 ) )
magic_quotes_gpc is: 1
Unknown error occured, file not uploaded. Maybe your filesize is larger than the maximum size allowed by your server installation. Check with your ISP or edit your php.ini file to allow larger file size uploads.

From my point of view $_FILES should not be modified since $_FILES is a contains the POST properties but from the server side and so the path information for the temporary filename can not be modified on client side.

Regards, Thomas

[garvinhicking]

Hi Thomas!

You are absolutely right; we received the patch for the stripping some months ago, and implemented it with reverse logic. Instead of only applying the stripslashes for non-windows systems, it applied it for windows systems. I fixed this in our current CVS branch and will put it in the final 0.7 release.

Regards,
Garvin

[Petalo]

Great job and well done. Looking forward to 0.7 final!

Just updated with latest cvs and I want to show you all:

Serendipity Authoring Suite
Adding image...

File aixlogos.gif successfully uploaded as c:/program files/apache group/apache/htdocs/blog/bestanden/aixlogos.gif
Thumbnail created.
Done