Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

open_basedir restriction #126

Open
labby opened this issue Oct 27, 2019 · 9 comments
Open

open_basedir restriction #126

labby opened this issue Oct 27, 2019 · 9 comments

Comments

@labby
Copy link

labby commented Oct 27, 2019
edited
Loading

Hi there,
is it possible to override the tmp path to avoid acces violations caused by open_basedir restrictions?
Something like $this->handle->custom_path = 'my_new_temp_path';
This would help a lot.
@verot
Copy link
Owner

verot commented Oct 27, 2019

Which access violations? The class should be compatible with open_basedir restrictions (it copie sthe file in the destination directory, over which you should have permissions.

What is precisely your use case? When are the violations happening?

@labby
Copy link
Author

labby commented Oct 28, 2019

this is obviously a special professional installation that throws error_code 6 if the temp directory is not allowed because the tmp_path is not in the "normal" /var/www/my_domain.tld

Hope it is written understandable...

@verot
Copy link
Owner

verot commented Oct 28, 2019

I see. I don't have time to do it now, but you may want to send a patch which I'll gladly merge.

@labby
Copy link
Author

labby commented Oct 28, 2019
edited
Loading

I surely will, but I need some help.
I had a quick look at weekend at the code.
Is function temp_dir() (around line 2714) a good place to hook in?

@verot
Copy link
Owner

verot commented Oct 28, 2019

No, temp_dir() is not used for that purpose. You should look in the code block from line 3320

@labby
Copy link
Author

labby commented Oct 28, 2019

ok, i will give it a try....

@labby
Copy link
Author

labby commented Oct 28, 2019

3320 image_manipulation?
Are you sure?

@verot
Copy link
Owner

verot commented Oct 28, 2019

https://github.com/verot/class.upload.php/blob/master/src/class.upload.php#L3320

// if we have an uploaded file, and if it is the first process, and if we can't access the file directly (open_basedir restriction)
// then we create a temp file that will be used as the source file in subsequent processes
// the third condition is there to check if the file is not accessible *directly* (it already has positively gone through is_uploaded_file(), so it exists)
if (!$this->no_upload_check && empty($this->file_src_temp) && !@file_exists($this->file_src_pathname)) {
    $this->log .= '- attempting to use a temp file:';
    $hash = md5($this->file_dst_name_body . rand(1, 1000));
    if (move_uploaded_file($this->file_src_pathname, $this->file_dst_path . $hash . (!empty($this->file_dst_name_ext) ? '.' . $this->file_dst_name_ext : ''))) {
        $this->file_src_pathname = $this->file_dst_path . $hash . (!empty($this->file_dst_name_ext) ? '.' . $this->file_dst_name_ext : '');
        $this->file_src_temp = $this->file_src_pathname;
        $this->log .= ' file created<br />';
        $this->log .= '&nbsp;&nbsp;&nbsp;&nbsp;temp file is: ' . $this->file_src_temp . '<br />';
    } else {
        $this->log .= ' failed<br />';
        $this->processed = false;
        $this->error = $this->translate('temp_file');
    }
}

@labby
Copy link
Author

labby commented Oct 28, 2019

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@labby @verot