Jump to:

7940 Posts in 1543 Topics by 946 members

DataObjectManager Module

SilverStripe Forums » DataObjectManager Module » Security related issue in ImageGallery

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 991 Views
  • anthoro
    Community Member
    4 Posts

    Security related issue in ImageGallery Link to this post

    I'm having trouble using the ImageManager module. There is some security issue going on between 2 users, my user account (myaccount) and the apache user (www-data).

    When i uploaded the site, it was created with my user account (myaccount). The same account is used when I upload files or create folders using FTP. No problem with that.

    Files and folders created through the website however, are created with the apache user (www-data).
    This is where I think things start the go wrong.
    When a new ImageGalleryPage is created, it succesfully creates the 'New-ProjectPage' in the assets/image-gallery/ folder (with owner 'www-data' and mask 0755). When the module tries to create a new sub-folder ('Default Album'), the error occurs.

    I'm using the latest versions of SilverStripe v2.4.2, ImageGallery v1.0 r493 and DataObjectManager r504.

    Is there anyone that can help me with this issue as this is blocking me from further developping this site with SilverStripe?

    The AddPageOptionsForm action returns following error:

    ERROR [Warning]: mkdir() [<a href='function.mkdir'>function.mkdir</a>]: SAFE MODE Restriction in effect. The script whose uid is 10096 is not allowed to access /var/www/vhosts/myaccount/httpdocs/assets/image-gallery/New-ProjectPage owned by uid 33
    IN POST /admin/AddPageOptionsForm
    Line 26 in /var/www/vhosts/myaccount/httpdocs/sapphire/filesystem/Filesystem.php

    17:     * Create a folder on the filesystem, recursively.
    18:     * Uses {@link Filesystem::$folder_create_mask} to set filesystem permissions.
    19:     * Use {@link Folder::findOrMake()} to create a {@link Folder} database
    20:     * record automatically.
    21:     *
    22:     * @param String $folder Absolute folder path
    23:     */
    24:    static function makeFolder($folder) {
    25:       if(!file_exists($base = dirname($folder))) self::makeFolder($base);
    * 26:       if(!file_exists($folder)) mkdir($folder, Filesystem::$folder_create_mask);
    27:    }
    29:    /**
    30:     * Remove a directory and all subdirectories and files.
    31:     *
    32:     * @param String $folder Absolute folder path

    line 26 of Filesystem.php

    line 54 of Folder.php

    Folder::findOrMake(image-gallery/New-ProjectPage/Default Album)
    line 104 of ImageGalleryPage.php

    line 86 of ImageGalleryPage.php

    line 63 of ImageGalleryPage.php

    line 1056 of DataObject.php

    line 559 of CMSMain.php

    line 300 of Form.php

    line 137 of RequestHandler.php

    line 155 of RequestHandler.php

    line 147 of Controller.php

    line 281 of Director.php

    line 124 of Director.php

    line 127 of main.php


  • anthoro
    Community Member
    4 Posts
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.