Letting users upload files to your server can be very risky. If you’re not careful, users could upload all sorts of harmful files, leaving your server out of disk space or full of viruses.
Let’s go into the very interesting topic of the tmp folder.
The /tmp folder gets cleared at shutdown or boot time, but it is never affected at runtime. Even if /tmp were being cleared at runtime, any decent cleanup script wouldn’t delete a file that new.
Check the script timeout settings in phpinfo(). PHP may be terminating the script because it’s taking too long to upload (i.e., the script is taking too long to execute).
Timeouts Connection: 300 – Keep-Alive: 5
default_socket_timeout 60 60
upload_tmp_dir allows you to specify where uploaded files should be saved until the handling script moves them to a more permanent location. It is the temporary directory used for storing files when doing file upload. It must be writable by whatever user PHP is running as. If not specified, PHP will use the system’s default.
Set upload_tmp_dir to a folder that is:
- outside the document root of your web site
- not readable or writable by any other system users
You can set upload_tmp_dir in the php.ini file:
; Set upload_tmp_dir to a safe location
upload_tmp_dir = /var/www/foo.bar/sessions
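The setting can also be applied in Apache’s httpd.conf file, or an .htaccess file:
# Set upload_tmp_dir to a safe location
# upload_tmp_dir is a PHP_INI_SYSTEM directive, so mod_php needs php_admin_value
# (server or virtual host configuration) rather than php_value to apply it
php_admin_value upload_tmp_dir /var/www/foo.bar/sessions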
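To confirm that a directory chosen for upload_tmp_dir meets the criteria listed above (outside the document root, no access for other system users), a check like the following can be run on the server. It is an added example, not part of the original page; the function name check_upload_tmp_dir and all paths passed to it are hypothetical.

```sh
#!/bin/sh
# Added example: audit a candidate upload_tmp_dir.
# Usage: check_upload_tmp_dir DIR DOCROOT [PHP_USER]
# DIR, DOCROOT and PHP_USER are supplied by the caller (assumed values).
# Prints one line per finding; returns 0 only if every check passes.

check_upload_tmp_dir() {
    dir=$1; docroot=$2; php_user=${3:-}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # Resolve symlinks first, so a link cannot hide a target inside the docroot.
    real_dir=$(cd "$dir" && pwd -P) || return 1
    real_root=$(cd "$docroot" && pwd -P) || return 1

    # 1. Must live outside the document root (the docroot itself also fails).
    case "$real_dir/" in
        "$real_root"/*) echo "FAIL: $real_dir is inside document root $real_root"; rc=1 ;;
    esac

    # 2. No access for group or other: the mode string must be d???------.
    perms=$(ls -ld "$real_dir" | cut -c1-10)
    case "$perms" in
        d???------) ;;
        *) echo "FAIL: mode $perms gives group/other access (want drwx------)"; rc=1 ;;
    esac

    # 3. Optional: owned by the account PHP runs as, so PHP can write to it.
    if [ -n "$php_user" ]; then
        owner=$(ls -ld "$real_dir" | awk '{print $3}')
        if [ "$owner" != "$php_user" ]; then
            echo "FAIL: owner is $owner, expected $php_user"; rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $real_dir"; fi
    return "$rc"
}

# Run directly as: sh check_upload_tmp.sh DIR DOCROOT [PHP_USER]
if [ "$#" -ge 2 ]; then check_upload_tmp_dir "$@"; fi
```

A directory that fails the mode check can be tightened with chmod 700 once it is owned by the PHP user.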