Plugin file upload

luck

Verified User
Joined
May 24, 2011
Messages
30
Hello,
I'l looking for an advice about files upload in DA plugins.
Unfortunatelly I can't get $_FILES variable in the plugin. Already tried parse_str(getenv('FILES'), $_FILES);
Also I see that $_POST handles path to file like "/tmp/file.jpgXYZ" but its not accessible.

Tried to change upload_tmp_dir - no dice.

Any advice appreciated. Thanks
 
Hello,

That should be:

PHP:
if (isset($_SERVER['POST']) && $_SERVER['POST'])
{
       parse_str($_SERVER['POST'], $_POST);
}


and

HTML:
<form method='POST' enctype='multipart/form-data' action='?'>
File to upload: <input type=file name=upfile>
<br>Notes about the file: <input type=text name=note>
<br>
<br>
<input type=submit value=Press> to upload the file!</form>

PHP:
<?php
print "<pre>";
var_dump(is_file($_POST['upfile']));
print "</pre>";
exit;

resulted in:

Code:
[COLOR=#000000][FONT=verdana]bool(true)[/FONT][/COLOR]


By the way a file is uploaded into a temp directory located in /home/tmp/
 
Yes - I've been there and tried that. Unfortunatelly cant move that file:

var_dump(move_uploaded_file($_POST['upfile'], 'xxx/xxx/xxx'));

returns:

bool(false)

var_dump(is_uploaded_file($_POST['upfile']));

returns

bool(false)


Also tried that:

|$/usr/local/php/php52_directadmin/bin/php -b upload_tmp_dir=/xxx/yyy/zzz


no luck
 
Last edited:
The uploaded file seems be owned by user "nobody" and has permissions of 0600. And since you are running a plugin from admin or another user (not "nobody") you can not access it. Thus you need to run the plugin as root (via a suid wrapper).

If you need directadmin to change its behaviour regarding the matter and change owner from nobody to another user from which it currently is running, then you might need to report either a bug or a feature request here in proper sub-forum.
 
Plugins running as nobody are not very useful so we need to escalate to root to catch uploaded file.
It would be more secure (and logical too) to save the uploaded file as the user running plugin and not need to switch to root.
 
Back
Top