plugin-SecurityInfo icon indicating copy to clipboard operation
plugin-SecurityInfo copied to clipboard
verified publisher icon matomo-org

Check for upload_tmp_dir maybe broken

Open gittoar opened this issue 10 years ago • 1 comments

DocumentRoot /var/www/piwik upload_tmp_dir /var/www/piwik_tmp (0700)

phpsecinfo.com says "Pass upload_tmp_dir is enabled, which is the recommended setting. Make sure your upload_tmp_dir path is not world-readable Current Value: /var/www/piwik_tmp/ Recommended Value: A non-world readable/writable directory More information »".

SecurityInfo says "unable to retrieve file permissions on upload_tmp_dir".

So the SecurityInfo does not check the return-codes/-infos from phpsecinfo.com properly or the implementation differs from phpsecinfo.com. This is confusing and should be corrected and more documented for minimum debugging purpose. Thanks.

gittoar avatar Dec 28 '15 14:12 gittoar

Do you have your tmp dir set in open_basedir?

wwuck avatar Mar 24 '17 05:03 wwuck