Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Something is wrong with upload_tmp_dir security test #44

Closed
crankedguy opened this issue Sep 26, 2018 · 2 comments
Closed

Something is wrong with upload_tmp_dir security test #44

crankedguy opened this issue Sep 26, 2018 · 2 comments
Labels
bug

Comments

@crankedguy
Copy link

Hi,
something is wrong with your upload_tmp_dir security test
This is an excerpt of phpinfo() on my matomo instance

upload_tmp_dir | /home/xxx/tmp_php | /home/xxx/tmp_php

and this is the directory to it :

drwx------ 2 xxx xxx 4096 Sep 26 19:33 tmp_php

When running the test I always get
"upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory"
@Findus23 Findus23 transferred this issue from matomo-org/matomo May 23, 2020
@tsteur tsteur added the bug label May 24, 2020
@tsteur
Copy link
Member

tsteur commented May 24, 2020

This might be actually an issue in the PhpSecInfo library. There were some improvements made eg in #20 but maybe that patch isn't covering everything or so.

@tsteur tsteur closed this as completed May 24, 2020
@tsteur tsteur reopened this May 24, 2020
@Findus23
Copy link
Member

@tsteur It is quite likely that this issue was fixed by #20 as it is older (I just moved it over a few days ago).

@crankedguy If you or someone else can reproduce this issue in the latest version of the plugin, can you please reopen this issue or create a new one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tsteur @Findus23 @crankedguy