Posted by John Murtari on 10/31/46 11:48

"Rik" <google@tfwasmus.enschedenet.nl> writes:

> The problem at hand:
> In a restricted area I let a user upload an image, no problem
> The image gets scaled down with imagecopyresampled(), and stored with
> imagejpeg($resized_img,'/path/to/target/image.jpg')
>
> Problem is: because of safe_mode restrictions I cannot access it from
> the server, only by http://domain.com/images/new_image.jpg.
> I've tried:
> imagejpeg($resized_img,'/path/to/target/image.jpg')
> directly followed by:
> chmod('/path/to/target/image.jpg',0777);
>
> But the same script is also refused chmod().... It should be the same
> user that creates the file, but unfortunately safe_mode won't let me
> chmod() it.
>
> I'm using referring to the image later on by the URL instead of the
> /path/ as a temporary solution to make it work, but now the script
> doesn't have any permission to unlink() the file at a later stage,
> which is functionality I desperately need. How will I be able to
> achieve this?
>
> I thought bout using an FTP connection as a temporary measure, but no
> go there:
> 24-05-06 17:50:55 SITE CHMOD 777 /path/to/image.jpg
> 24-05-06 17:50:55 550 /path/to/image.jpg: Operation not permitted.
>
> The only solution I can think of right now is to catch imagejpg() in an
> output buffer, don't use the filesystem but an ftp-connection to save
> the file, and chmod it by ftp afterwards. An ugly solution, but the
> only thing workable right now...
>
> phpinfo():
> open_basedir /home/user no value
> safe_mode On On
> safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
> safe_mode_gid Off Off
> safe_mode_include_dir no value no value

I'm not sure how you are setup by your description above.
Your provider may have opened some permissions for you on the current
directory you are uploading to? Normally, assuming PHP is run as a
module in Apache, your scripts will execute as the Apache user and any
file uploaded will be owned by the Apache user. If your visitors are
able to upload files, either the directory is owned by Apache - or -
it is owned by you with open write permissions to anyone.

Any attempt to access the file through PHP would fail after
that if safe_mode is On, because your script has a different owner
than the file you want to access. Any attempt at chmod, from FTP
or even the command line would fail since you do not own the file.
However, and I'm pretty sure of this, if you own the directories,
you are allowed to do a 'rename' and move the file from a directory
you own to another -- or even delete the file from the directory.
Please confirm who owns the files after they are uploaded, and
who the directory owner is and directory permmissions.

--
John
___________________________________________________________________
John Murtari Software Workshop Inc.
jmurtari@following domain 315.635-1968(x-211) "TheBook.Com" (TM)
http://thebook.com/

• Next in forum: Re: Apache appending .php extension?
• Prev in forum: How to delete a record in a one to many situation when using a list in form
• Thread view: Re: imagejpg & safe mode & chmod() and uploads

[Reply to this message]