Главная » Языки программирования

Php tmp file to path

На чтение 10 мин
Содержание
  1. tempnam
  2. Список параметров
  3. Возвращаемые значения
  4. Список изменений
  5. Примеры
  6. Примечания
  7. Смотрите также
  8. User Contributed Notes 23 notes

tempnam

Создаёт файл с уникальным именем в определённой директории с правами 0600. Если эта директория не существует или недоступна для записи, tempnam() может создать файл во временной директории системы и вернуть полный путь к этому файлу, включая его имя.

Список параметров

Директория, где будет создан временный файл.

Префикс имени генерируемого файла.

Замечание: Используются только первые 63 символа префикса, остальные игнорируются. В Windows используются только первые три символа префикса.

Возвращаемые значения

Возвращает имя нового временного файла (вместе с путём) или false в случае неудачи.

Список изменений

Версия Описание
7.1.0 tempnam() теперь выдаёт уведомление при возврате во временный каталог системы.

Примеры

Пример #1 Пример использования функции tempnam()

$handle = fopen ( $tmpfname , «w» );
fwrite ( $handle , «записываем в во временный файл» );
fclose ( $handle );

// здесь мы чего-нибудь делаем

Примечания

Замечание: Если PHP не может создать файл в указанной директории directory , он возвращается к директории по умолчанию вашей системы. На NTFS это также происходит в случае, если указанная директория directory содержит более 65534 файлов.

Смотрите также

  • tmpfile() — Создаёт временный файл
  • sys_get_temp_dir() — Возвращает путь к директории временных файлов
  • unlink() — Удаляет файл

User Contributed Notes 23 notes

Watch out using a blank $dir as a «trick» to create temporary files in the system temporary directory.

$tmpfname = tempnam ( » , ‘FOO’ ); // not good
?>

If an open_basedir restriction is in effect, the trick will not work. You will get a warning message like

Warning: tempnam() [function.tempnam]: open_basedir restriction in effect.
File() is not within the allowed path(s): (/var/www/vhosts/example.com/httpdocs:/tmp)

$tmpfname = tempnam ( sys_get_temp_dir (), ‘FOO’ ); // good
?>

Please note that this function might throw a notice in PHP 7.1.0 and above. This was a bugfix: https://bugs.php.net/bug.php?id=69489

You can place an address operator (@) to sillence the notice:

if ( $tmp = @ tempnam () !== false ) // .
>

?>

Or you could try to set the «upload_tmp_dir» setting in your php.ini to the temporary folder path of your system. Not sure, if the last one prevents the notices.

If you go to the linux man page for the C function tempnam(3), you will see at the end «Never use this function. Use mkstemp(3) instead.» But php’s tempnam() function doesn’t actually use tmpnam(3), so there’s no problem (under Linux, it will use mkstemp(3) if it’s available).

tempnam() function does not support custom stream wrappers registered by stream_register_wrapper().

For example if you’ll try to use tempnam() on Windows platform, PHP will try to generate unique filename in %TMP% folder (usually: C:\WINDOWS\Temp) without any warning or notice.

Читайте также:  Html code my profile

echo » ;
error_reporting ( E_ALL );
ini_set ( ‘display_errors’ , true );
clearstatcache ();
stream_register_wrapper ( ‘test’ , ‘MemoryStream’ );

mkdir ( ‘test://aaa’ );
mkdir ( ‘test://aaa/cc’ );
mkdir ( ‘test://aaa/dd’ );
echo ‘PHP ‘ . PHP_VERSION ;
echo ‘
node exists: ‘ . file_exists ( ‘test://aaa/cc’ );
echo ‘
node is writable: ‘ . is_writable ( ‘test://aaa/cc’ );
echo ‘
node is dir: ‘ . is_dir ( ‘test://aaa/cc’ );
echo ‘
tempnam in dir: ‘ . tempnam ( ‘test://aaa/cc’ , ‘tmp’ );
echo «
» ;

?>

ouputs:
———————
PHP 5.2.13
node exists: 1
node is writable: 1
node is dir: 1
tempnam in dir: C:\Windows\Temp\tmp1D03.tmp

If you want to create temporary file, you have to create your own function (which will probably use opendir() and fopen($filename, «x») functions)

I want to guarantee that the file will be created in the specified directory or else the function should return FALSE, I have a simple function that works, but I am unsure if its a potential security issue.

function dir_tempnam($dir, $prefix)
$real_dir_path = realpath($dir);
if (substr($real_dir_path, -1) != ‘/’)
$real_dir_path .= ‘/’;

$tempfile = tempnam($real_dir_path, $prefix);
$name = basename($tempfile);

if(is_file($real_dir_path.$name))
return $name;
else
@unlink($name);
return FALSE;
>
>

This function returns just the name of the temporary file in the specified directory, or FALSE.

Obviously it could return the entire $tempfile, but in my case, I actually want the basename value seperate.

This function creates a temporary directory. The previous example given could bug if between the unlink() and mkdir() some process creates the same directory or file. This implementation is faster too.

function tempdir ( $dir , $prefix = » , $mode = 0700 )
if ( substr ( $dir , — 1 ) != ‘/’ ) $dir .= ‘/’ ;

do
$path = $dir . $prefix . mt_rand ( 0 , 9999999 );
> while (! mkdir ( $path , $mode ));

>Under UNIX (where you can rename onto an extant file and so I used link), you will have to remove both the link and the link’s target.

Couldn’t you do
if ( $newFileCreated ) unlink ( $sysFileName );
return $newFileName ;
>
?>
and get the same semantics as the windows version?

if you don’t want to take care of deleting the file yourself, and you don’t need a custom prefix, you can use
$file_location=stream_get_meta_data(tmpfile())[‘uri’];
file will be created automatically, and deleted automatically on script close (thanks to tmpfile()) i found this useful for CURLOPT_COOKIEFILE (which wants a file location, not a handle)

Creating a temporary file with a specific extension is a common requirement on dynamic websites. Largely this need arises from Microsoft browsers that identify a downloaded file’s mimetype based on the file’s extension.

Читайте также:  Undefined variable errors in php

No single PHP function creates a temporary filename with a specific extension, and, as has been shown, there are race conditions involved unless you use the PHP atomic primitives.

I use only primitives below and exploit OS dependent behaviour to securely create a file with a specific postfix, prefix, and directory. Enjoy.

function secure_tmpname ( $postfix = ‘.tmp’ , $prefix = ‘tmp’ , $dir = null ) // validate arguments
if (! (isset( $postfix ) && is_string ( $postfix ))) return false ;
>
if (! (isset( $prefix ) && is_string ( $prefix ))) return false ;
>
if (! isset( $dir )) $dir = getcwd ();
>

// find a temporary name
$tries = 1 ;
do // get a known, unique temporary file name
$sysFileName = tempnam ( $dir , $prefix );
if ( $sysFileName === false ) return false ;
>

// tack on the extension
$newFileName = $sysFileName . $postfix ;
if ( $sysFileName == $newFileName ) return $sysFileName ;
>

// move or point the created temporary file to the new filename
// NOTE: these fail if the new file name exist
$newFileCreated = ( isWindows () ? @ rename ( $sysFileName , $newFileName ) : @ link ( $sysFileName , $newFileName ));
if ( $newFileCreated ) return $newFileName ;
>

unlink ( $sysFileName );
$tries ++;
> while ( $tries

return false ;
>
?>

The isWindows function is mostly left as an exercise for the reader. A starting point is below:

function isWindows () return ( DIRECTORY_SEPARATOR == ‘\\’ ? true : false );
>
?>

Like tempnam(), this function requires you to cleanup your own files later. Under UNIX (where you can rename onto an extant file and so I used link), you will have to remove both the link and the link’s target. Cleanup is left entirely to the reader.

Notice that tempnam will return NULL (not false) if the second parameter isn’t transferred:
var_dump ( tempnam ( sys_get_temp_dir ())); // NULL
?>
also the warning will be generated:
Warning: tempnam() expects exactly 2 parameters, 1 given in php shell code .

Beware that on Windows NT and other windows, if you have, for example, a variable $work_dir with a path to some dir on your document root(or any other dir). Note the following:
$work_dir = ‘C:/some/path/to/document_root/dir’ ;
file_exists ( $working_dir ); // Returns true
is_writable ( $working_dir ); // Returns true
$tempfile = tempnam ( $working_dir , ‘img’ );
//$temfile now contains a system wide temp directory file, like ‘C:/WINNT.SBS/img444.tmp’ instead of the directory we pass it
//Thats because we need to give I_USR (IIS user) user write permission to $working_dir although according to the aforementioned functions seemed it already had it.
//If you want to use just the system wide temp directory return by default by tempnam you will also need to give it write permission to I_USR user to be able to write to that file.
?>

Читайте также:  Java sms sending code

Beware: functions are not atomic. If many processes call the same function at the same time, you may end up with unwanted behavior.

If you need your own variant of tempnam, use something like this:

function tempnam_sfx ( $path , $suffix )
<
do
<
$file = $path . «/» . mt_rand (). $suffix ;
$fp = @ fopen ( $file , ‘x’ );
>
while(! $fp );

// call it like this:
$file = tempnam_sfx ( «/tmp» , «.jpg» );
?>

You may replace mt_rand() by some other random name generator, if needed.

Be careful with you forward and back slashes. Innocent looking code like this.

$uploaddir = «C:/Program Files/Apache Group/Apache2/htdocs/sasdap/uploads/»;
$tempFile = tempnam ($uploaddir, «TMPANAL»);
$fp = fopen($tmpfname, «w»);
fwrite($fp, $iqdata);
//fclose($fp);

. may show something odd when echoing $tempFile»;

i.e. /Program Files/Apache Group/Apache2/htdocs/sasdap/uploads/\TMP3D.tmp

Must. remember. to. use. backslashes.

tempnam will not create file in unauthorized area.
Meaning you need access permissions to the temp dir ($dir) in order to create a file there.

The «newtempnam» recipe provided below (posted by «tempnam» on » 23-Jul-2003 08:56″) has at least one race condition. The while loop checks to make sure that the file in question doesn’t exist, and then goes and creates the file. In between the existence test and the fopen() call there is an opportunity for an attacker to create the file in question.

This is a classic race-condition, and while it seems difficult to exploit there are a number of well-known attacks against this kind of sloppy file creation.

The atomic primitives necessary to implement secure file creation are not available at the language level in PHP. This further underscores the need for PHP-language developers to rely on the language’s security primitives (including tempnam() and tempfile()) instead of rolling their own.

Guillaume Paramelle’s comments below are worth underlining: tempnam() will not accept a relative path for its first directory. If you pass it one, it will (on Windows XP at least) create the temporary file in the system temp directory.

The easiest way to convert a relative path to an absolute path is to prepend getcwd():

$file = tempnam ( ‘files/temp’ , ‘tmp’ ); // Wrong!
$file = tempnam ( getcwd () . ‘files/tmp’ , ‘tmp’ ) // Right.
?>

function tempdir ( $dir = false , $prefix = ‘php’ ) $tempfile = tempnam ( » , » );
if ( file_exists ( $tempfile )) < unlink ( $tempfile ); >
mkdir ( $tempfile );
if ( is_dir ( $tempfile )) < return $tempfile ; >
>

echo tempdir ();
// returns: /tmp/8e9MLi

Источник

Оцените статью
© 2023 Программирование