cz9qvh wrote:
i would recommend
Code:
open_basedir = /tmp
probably, i can't think why would want your scripts modifying files in /var/www
The OP said he was using a file upload script. In that case, the path where the uploaded files are saved must be writable by the script. And no sane script permanently saves files to /tmp.
I ran into exactly the same problem just a few days ago, due to a stupid mistake. I was making a very restrictive list of open_basedir directives and forgot to include /tmp. I only found out about the mistake when a user emailed me that uploads were not working.
PHP stores user-uploaded files in /tmp for a brief period, usually until the script which handles the upload exits or else the file is moved to a permanent location, whichever happens first. You can change this behavior by editing the "upload_tmp_dir" directive in your php.ini. Most of the time it's okay to use /tmp to store non-confidential information such as uploaded images. But if the information you're storing in /tmp is confidential and other people also have access to /tmp, you might want to think more carefully.
Another situation where it might be a good idea to change "upload_tmp_dir" is if you accept large uploads (~100M) and /tmp is in a different partition from the location of permanent storage (usually under the web root). In that case, you can avoid unnecessary inter-partition file moves (more copying = more I/O) by forcing PHP to store temporary uploaded files in the same partition as the location of permanent storage.