Jump to:

7939 Posts in 1472 Topics by 944 members

DataObjectManager Module

SilverStripe Forums » DataObjectManager Module » Security related issue in ImageGallery

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 923 Views
  • anthoro
    Avatar
    Community Member
    4 Posts

    Security related issue in ImageGallery Link to this post

    I'm having trouble using the ImageManager module. There is some security issue going on between 2 users, my user account (myaccount) and the apache user (www-data).

    When i uploaded the site, it was created with my user account (myaccount). The same account is used when I upload files or create folders using FTP. No problem with that.

    Files and folders created through the website however, are created with the apache user (www-data).
    This is where I think things start the go wrong.
    When a new ImageGalleryPage is created, it succesfully creates the 'New-ProjectPage' in the assets/image-gallery/ folder (with owner 'www-data' and mask 0755). When the module tries to create a new sub-folder ('Default Album'), the error occurs.

    I'm using the latest versions of SilverStripe v2.4.2, ImageGallery v1.0 r493 and DataObjectManager r504.

    Is there anyone that can help me with this issue as this is blocking me from further developping this site with SilverStripe?

    The AddPageOptionsForm action returns following error:

    ERROR [Warning]: mkdir() [<a href='function.mkdir'>function.mkdir</a>]: SAFE MODE Restriction in effect. The script whose uid is 10096 is not allowed to access /var/www/vhosts/myaccount/httpdocs/assets/image-gallery/New-ProjectPage owned by uid 33
    IN POST /admin/AddPageOptionsForm
    Line 26 in /var/www/vhosts/myaccount/httpdocs/sapphire/filesystem/Filesystem.php

    Source
    ======
    17:     * Create a folder on the filesystem, recursively.
    18:     * Uses {@link Filesystem::$folder_create_mask} to set filesystem permissions.
    19:     * Use {@link Folder::findOrMake()} to create a {@link Folder} database
    20:     * record automatically.
    21:     *
    22:     * @param String $folder Absolute folder path
    23:     */
    24:    static function makeFolder($folder) {
    25:       if(!file_exists($base = dirname($folder))) self::makeFolder($base);
    * 26:       if(!file_exists($folder)) mkdir($folder, Filesystem::$folder_create_mask);
    27:    }
    28:    
    29:    /**
    30:     * Remove a directory and all subdirectories and files.
    31:     *
    32:     * @param String $folder Absolute folder path

    Trace
    =====
    <ul>mkdir(/var/www/vhosts/myaccount/httpdocs/assets/image-gallery/New-ProjectPage/Default-Album/,511)
    line 26 of Filesystem.php

    Filesystem::makeFolder(/var/www/vhosts/myaccount/httpdocs/assets/image-gallery/New-ProjectPage/Default-Album/)
    line 54 of Folder.php

    Folder::findOrMake(image-gallery/New-ProjectPage/Default Album)
    line 104 of ImageGalleryPage.php

    ImageGalleryPage->requireDefaultAlbum()
    line 86 of ImageGalleryPage.php

    ImageGalleryPage->checkFolder()
    line 63 of ImageGalleryPage.php

    ImageGalleryPage->onAfterWrite()
    line 1056 of DataObject.php

    DataObject->write()
    line 559 of CMSMain.php

    CMSMain->addpage(Array,Form,SS_HTTPRequest)
    line 300 of Form.php

    Form->httpSubmission(SS_HTTPRequest)
    line 137 of RequestHandler.php

    RequestHandler->handleRequest(SS_HTTPRequest)
    line 155 of RequestHandler.php

    RequestHandler->handleRequest(SS_HTTPRequest)
    line 147 of Controller.php

    Controller->handleRequest(SS_HTTPRequest)
    line 281 of Director.php

    Director::handleRequest(SS_HTTPRequest,Session)
    line 124 of Director.php

    Director::direct(/admin/AddPageOptionsForm)
    line 127 of main.php

    </ul>

  • anthoro
    Avatar
    Community Member
    4 Posts
    923 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.