Fail saving file

PHP
1

So I have this code and the echo im getting is

get file...saving file...Failed saving files

Why does it fail to save? Anybody know any reasons why ik the file exist on my server

<?php
echo 'get file...';
if(!isset($_REQUEST['from'])){die('Fail: Parameter "from" not set.');}
if(!isset($_REQUEST['to'])){die('Fail: Parameter "to" not set.');}
$data=file_get_contents($_REQUEST['from']);
if($data===false){die('Failed getting file.');}
echo 'saving file...';
$succ=file_put_contents($_REQUEST['to'],$data);
echo $succ ? 'Success' : 'Failed saving file';
?>`
2

  1. Do you know which order you have $_REQUEST set to retrieve in ($_COOKIE, $_GET, $_POST - in what order?).

  2. Check what value is actually being loaded into the script as it may not be what you think.

  3. What path is being specified? Is it relative or absolute? Is the file in the appropriate location on the server for it to be found?

3

not sure what the first to are reffering to but bassically the script is getting the files $_GET and I am passing these parameters

from=http://testserver.com/test.html&to=test.html

and on my server it creates a file called test.html but nothing is saved in the file

4

are you sure that’s the first place $_REQUEST is looking - you can never be certain what order that is set to use which is one of the reasons why it is recommended not to use it. Also if you are expecting the data from $_GET why not get it directly from there rather than possibly allowing $_COOKIE or $_POST values to override it.

are you sure your server is allowed to read from that location - most servers don’t allow URL references

So the failure point is probably a security issue with the file_get_contents() not being allowed to read from the specified source.

5

see i was afraid of that but see i own both of the servers so how do i make it to where they can access files from each other?

6

Did you try editing your php.ini file allow_url_fopen setting to true?
http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
7

Once that does work it will be possible for http requests to override all files which have apache write permissions. I hope that is part of some larger code base or for personal code use only. Otherwise you’re creating a huge security vulnerability.

1 Like
8

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.