4

I cannot imagine why should I use this function instead of a simple rename.

The manual writes:

move_uploaded_file

This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

Can you please write an example why is this so important?

Community
  • 1
  • 1
inf3rno
  • 24,976
  • 11
  • 115
  • 197
  • possible duplicate of [php - Differences between copy, rename and move\_uploaded\_file](http://stackoverflow.com/questions/3924016/php-differences-between-copy-rename-and-move-uploaded-file) – Lucas Apr 05 '14 at 02:07

3 Answers3

5

Because using regular filesystem functions for this purpose might create security vulnerabilities. If you do this in your program:

rename($source, $destination);

and the attacker is able to control the value of $source, they have gained the capability to rename (or move! -- rename also moves files across directories) any file that your PHP process has access to.

If they can also influence $destination or if there is some way of gaining access to the contents of the file after it is moved they can use this vulnerability to gain access to your source code at the very least, which would usually reveal authentication credentials. And it's not difficult to imagine this happening: if you accept user uploads and make them accessible over a URL this functionality would be already built into your application.

In general, it's a security issue that you have to think about; the _uploaded_file functions are there to help you land in the pit of success.

Update (material pulled from comments):

Modern handling of file uploads (through $_FILES) has largely made move_uploaded_file technically unnecessary. But don't forget that:

  • Technically unnecessary might still be a good idea: we are talking security, why not be extra safe?
  • move_uploaded_files was introduced at a time where $_FILES did not even exist and widespread usage of register_globals was reality instead of a children horror story.
Community
  • 1
  • 1
Jon
  • 428,835
  • 81
  • 738
  • 806
  • 1
    " the attacker is able to control the value of $source" - this is a huge if... The source file name is generated by php automatically, it cannot controlled from outside, it is a random number. So I'm not convinced. – inf3rno Apr 29 '13 at 11:05
  • 1
    @inf3rno: If `$source` is generated by PHP *in your application*, that's good for you and you don't need `move_uploaded_file`. But the feature is not personally targeted at you or even the particular piece of code you have in mind. – Jon Apr 29 '13 at 11:08
  • 3
    @inf3rno: The population of `$_FILES` is a PHP feature. The fact that the first argument to `rename` comes directly from inside `$_FILES` is due to your own code and noone else. Also, `move_uploaded_file` predates the introduction of `$_FILES`; and at that time `register_globals` was still a thing. So it really doesn't seem that useful *today*, but it's been there for a very long time. – Jon Apr 29 '13 at 11:10
  • Haha, lol, so you say the ppl usually move their uploaded files not with the help of the $_FILES superglobal... Nice magic... – inf3rno Apr 29 '13 at 11:13
  • @inf3rno: Please read the additions I made to the comment. And try not to be a smart-aleck -- there are factors *you* haven't thought about, and that's noone else's fault. – Jon Apr 29 '13 at 11:14
  • Nice, please edit your answer with that register globals thing, and I'll accept it. So I can use rename, if I check that register globals is off. – inf3rno Apr 29 '13 at 11:14
  • 2
    The php.init file contains on option "open_basedir" (http://www.php.net/manual/en/ini.core.php#ini.open-basedir) using it you can prevent an PHP apps from reading files outside its root directory, in that situation only move_upload_file can read the uploaded file from the /tmp directory. It improve security as it protects website on the same server from one another, or an uploaded malicious script to destroy more that the application it was uploaded on. – Hermann Stephane Ntsamo Apr 29 '13 at 11:19
-2

move_uploaded_file actually moves your uploaded file FROM tmp directory TO permanent location on your server. Yes it's important because you will have to move the file to your server at your specified location right?

Check code snippet example for move_uploaded_file here: http://www.developphp.com/view_lesson.php?v=449

Kalpesh
  • 5,635
  • 2
  • 23
  • 39
  • I can move it with regular php file functions too. – inf3rno Apr 29 '13 at 11:08
  • `move_uploaded_file()` ensures the safety by allowing only those files uploaded through PHP to be moved. So it is dedicated function to move only uploaded files. – Kalpesh Apr 29 '13 at 11:11
-2

You should not use rename function as rename function is used to rename an existing file with a new name. Whereas function like move_uploaded_file and copy are actually used to upload a file from tmp directory to the destination directory.

rename() should be used to move ordinary files, and not files uploaded through a form. The reason for this is because there is a special function, called move_uploaded_file(), which checks to make sure the file has indeed been uploaded before moving it - this stops people trying to hack your server into making private files visible. You can perform this check yourself if you like by calling the is_uploaded_file() function.

chandresh_cool
  • 11,753
  • 3
  • 30
  • 45