PhpSecInfo Test Information
Checks if the current upload_tmp_dir is a world readable or writable folder, and if it matches the common UNIX system temp directory.
upload_tmp_dir allows you to specify where uploaded files should be saved until the handling script moves them to a more permanent location. If this file is within the document root of the web site and/or accessible to system users other than PHP's user, it could be modified or overwritten while PHP is processing it. By default upload_tmp_dir is set to the system's standard temporary directory, which can typically be accessed by all system users.
Set upload_tmp_dir to a folder that is:
- outside the document root of your web site
- not readable or writable by any other system users
You can set upload_tmp_dir in the php.ini file:
; Set upload_tmp_dir to a safe location upload_tmp_dir = /var/www/foo.bar/sessions
The setting can also be applied in apache's httpd.conf file, or an .htaccess file:
# Set upload_tmp_dir to a safe location php_value upload_tmp_dir /var/www/foo.bar/sessions