I'm creating a simple script that receives a zip as upload, extract it, and executes some logic. I don't need to keep the zip or the raw files that are in it, so I'm trying to extract to the system temp directory.
The problem is that it is not working, the error says that it is not within the allowed paths but the file is clearly in the allowed path.....
PHP message: PHP Warning: fopen(): open_basedir restriction in effect. File(/tmp/random_tmp_dir_My3C2v/upload.zip) is not within the allowed path(s): (/var/www/vhosts/domain.com/:/tmp/)
$tmp_dir = tempnam(sys_get_temp_dir(), "random_tmp_dir_");
if (!$tmp_dir) {
header("HTTP/1.1 500 Internal Server Error");
error_log("Failed to create a temporary folder");
exit(5);
}
$input = @fopen("php://input", "r");
if (!$input) {
header("HTTP/1.1 400 Bad Request");
exit;
}
$output = fopen("$tmp_dir/upload.zip", "w"); // This generates the open warning
if (!$output) { // $output was false and the script fails
header("HTTP/1.1 500 Internal Server Error");
error_log("Failed to open the file for writing: $tmp_dir/upload.zip");
abort();
exit(2);
}
I don't get why I can create a subfolder but I can't access the subfolder that I've just created...