#71 Uploaded media is manipulated too early

Version 0.6-pr3
open
nobody
5
2009-02-02
2009-02-02
Jason Judge
No

When new media is uploaded, it should only be accessed via the move_uploaded_file() function. The application must assume that it has no direct access to the uploaded file until it has moved it into its own temporary work area.

At the moment, the application does all sorts of manipulation of the uploaded file before it is moved - directly in /tmp - or wherever the files get uploaded to. This causes the upload to fail on most hosted solutions, since direct access to the upload area is restricted to web processes for security reasons.

To fix this, use move_uploaded_file() as the *first* step to move the file to a local area (the size and file name can be checked in the server variables before it is moved, but nothing else). Once it is moved, the file can be manipulated as required.

Things to watch out for:

1. The file should keep its temporary name in the new temporary area to avoid clashes with other users uploading files with the same name.

2. Remember to delete the file if it is subsequently deemed to be unusable. A regular cleanup process can delete anything older than a given threshold as a safety measure.

The symptom of this problem is that on uploading a file, the user is presented with a pair of errors:

Undefined variable "source_file".
Cannot open file "".
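
The order of operations this ticket asks for, as an added example that is not part of the original report and is not the project's own code. `WORK_DIR`, `MAX_BYTES`, `MAX_AGE` and the function names are assumptions made for illustration.

```php
<?php
// Hypothetical settings: an application-owned work area, a size limit, a cleanup age.
const WORK_DIR  = __DIR__ . '/upload_work';
const MAX_BYTES = 10 * 1024 * 1024;
const MAX_AGE   = 3600; // seconds

// Move one $_FILES entry into the work area before anything opens it.
function claim_upload(array $file): string
{
    // Before the move, only the metadata PHP provides is examined.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload size not accepted');
    }
    if (!is_dir(WORK_DIR) && !mkdir(WORK_DIR, 0700, true)) {
        throw new RuntimeException('Cannot create work area');
    }
    // Keep the server-generated temporary name so two users uploading
    // files with the same client name cannot clash.
    $dest = WORK_DIR . '/' . basename($file['tmp_name']);
    // move_uploaded_file() returns false for anything that is not a genuine upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Cannot move uploaded file');
    }
    return $dest;
}

// Inspect the file only after the move; delete it if it is deemed unusable.
function process_upload(array $file, callable $isUsable): ?string
{
    $path = claim_upload($file);
    if (!$isUsable($path)) {
        unlink($path);
        return null;
    }
    return $path;
}

// Safety net: remove work files older than MAX_AGE. Returns the number removed.
function sweep_work_dir(): int
{
    $removed = 0;
    foreach (glob(WORK_DIR . '/*') ?: [] as $path) {
        if (is_file($path) && time() - filemtime($path) > MAX_AGE && unlink($path)) {
            $removed++;
        }
    }
    return $removed;
}
```

`sweep_work_dir()` is meant to run from a scheduled job or at the start of each upload request.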
