I have the below PHP code to upload files
$uploadedFile = '';
if(!empty($_FILES["file"]["name"])){
// File path config
$fileName = $_FILES["file"]["name"];
$targetFilePath = 'uploads/'.$fileName;
$fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);
// Allow certain file formats to upload
if(in_array($fileType, $allowTypes)){
// Upload file to the server
if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath)){
$uploadedFile = $fileName;
$uploadStatus = 1;
}else{
$uploadStatus = 0;
$response['message'] = 'Sorry, there was an error uploading your file.';
}
}else{
$uploadStatus = 0;
$response['message'] = 'Sorry, only '.implode('/', $allowTypes).' files are allowed to upload.';
}
}
if($uploadStatus == 1){
// Insert form data in the database
$sqlInsertFilePath = "insert into soundexercises(filepath) values ('$targetFilePath')";
$resultFilePath = pg_query($cn, $sqlInsertFilePath);
if($resultFilePath){
$response['status'] = 1;
$response['message'] = 'Form data submitted successfully!';
}
}
}else{
$response['message'] = 'Please fill all the mandatory fields.';
I get error
Sorry, there was an error uploading your file.
I check the error.log from my apache and I get the below
2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Warning. Match of "rx ^$" against "FILES:file" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/000_i360_0.conf"] [line "158"] [id "77317957"] [msg "IM360 WAF: Track file upload||File:\\xe8\\x88\\x92\\xe6\\x9c\\x8d shufu.m4a||Size:20084||User:yskapell||SC:/var/www/vhosts/kaiqiaozhi.space/lxxxxxxx/exercises/upload_sound.php||T:APACHE||"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/admin/dashboard.php
2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Warning. Match of "rx ^$" against "FILES_TMPNAMES:file" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/000_i360_0.conf"] [line "158"] [id "77317957"] [msg "IM360 WAF: Track file upload||File:/tmp/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa||Size:20084||User:yskapell||SC:/var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php||T:APACHE||"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/admin/dashboard.php
2023-01-22 16:19:25 [fcgid:warn] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] mod_fcgid: stderr: PHP Warning: move_uploaded_file(uploads/\xe8\x88\x92\xe6\x9c\x8d shufu.m4a): failed to open stream: No such file or directory in /var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php on line 63, referer: https://xxxxxxx/admin/dashboard.php
2023-01-22 16:19:25 [fcgid:warn] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] mod_fcgid: stderr: PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpvatIuu' to 'uploads/\xe8\x88\x92\xe6\x9c\x8d shufu.m4a' in /var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php on line 63, referer: https://xxxxxxx/admin/dashboard.php
2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Input filter: Failed to rename file from "/tmp/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa" to "/var/cache/modsec-upload/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa". [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/dashboard.php
I checked the permission on the upload folder and it's 755 with correct owner.
===UPDATE=== The $_FILES['file']['error'] return 0 .
1:0 {"status":0,"message":"Sorry, there was an error uploading your file.","results":"No results"}
CodePudding user response:
What happens when You provide full absolute path for the $targetFilePath
instead of 'uploads/'.$fileName
?
There's also comodo security Modsecurity warning error in Your logs.