7 July 2009 at 1:19am
My hosting provider has got some special security features. My problem is now: I want to set the right file permissions for uploaded files automatically. E.g. when I upload a PDF into a page, it should have the permissions 0640 and nothing else.
Is there a way to tell Silverstripe for which file types it should use the right permissions?
Thanks in advance!
8 July 2009 at 2:37pm
Is it just files uploaded to SS you are thinking about? Are the default permissions too much or not enough in your view?
A way around this might be to upload the file to "assets" with an FTP client and set the permissions that way.
Don't know of a way to configure the permissions SS sets but I know it can be done in php.
9 July 2009 at 4:21am
Thanks for the reply!
Changing the permissions with an FTP client is no problem for me, but it is for my clients.
I thought that there's perhaps a config file where I can tell Silverstripe what permissions it should use for the different types of files, regardless of whether they are self-created or uploaded.
Is there a way to set them generally?
9 July 2009 at 5:44am
Have a look at the sapphire/filesystem/Filesystem.php class.
It defines two public static members for file and folder creation.
You should be able to set them in your _config.php, like this:
Filesystem::$file_create_mask = 02775;
Filesystem::$folder_create_mask = 02775;
Not sure if this has any influence when uploading files, but it certainly does when you create folders via SilverStripe.
If that doesn't work, you could create a shell script that finds and updates files with the wrong permission. Then regularly run the script as a cron-job?
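The cron-job idea from the post above, as an added example that is not part of the original thread and is not SilverStripe code. The function name `fix_upload_perms`, the `--dry-run` switch and the default mode 640 (taken from the first post) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: reset regular files under an upload directory to one mode.
# Assumption: the wanted mode is 0640, as asked for in the first post.

# fix_upload_perms DIR [MODE] [--dry-run]
# Prints how many regular files had a mode other than MODE.
fix_upload_perms() {
    dir=$1
    mode=${2:-640}
    dry_run=${3:-}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    if [ "$dry_run" = "--dry-run" ]; then
        # Report only. One dot is printed per mismatching file and the dots
        # are counted, so odd file names (spaces, newlines) cannot skew it.
        count=$(find "$dir" -type f ! -perm "$mode" \
                    -exec printf . \; | wc -c)
    else
        # "-perm MODE" without a prefix is an exact match, so files carrying
        # extra bits (execute, setuid, setgid) are caught as well.
        # "-type f" does not match symlinks, so links placed in the upload
        # directory are skipped rather than followed.
        count=$(find "$dir" -type f ! -perm "$mode" \
                    -exec chmod "$mode" {} \; -exec printf . \; | wc -c)
    fi

    echo $((count))
}

# Example crontab entry (script path and assets path are placeholders):
#   */5 * * * * . /path/to/this-script.sh && fix_upload_perms /path/to/assets
```

A count that stays above zero on every run shows that new uploads are still being written with a different mode, which means the create mask itself has not taken effect.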
9 July 2009 at 9:16pm
Thanks, this would be the first step. Do you know if I can also set specific permissions for php-files?
I'll test whether uploaded files are influenced by these settings. The shell-script cron-job solution is not a real solution for me, because the files I am talking about will be uploaded by users. And you always have to wait until the cron job is through before they can access the files...
Sorry I'm just in a hurry, so my answer is quite short. But thanks a lot for the tip with the _config.php!
15 July 2009 at 9:02am
You could decorate the 'File' class so that uploaded files have their permissions modified after write.
However, this raised some alarm bells:
> Do you know if I can also set specific permissions for php-files?
You're not trying to allow execution of uploaded php, are you?
Your htaccess should prevent execution of .php, .phtml and .shtml (at least), and you should ensure that the upload directory has no execution privileges etc. Even then, it isn't particularly secure.
15 July 2009 at 9:37am
Hehe, good idea, but I am far away from this!!!
No, my hosting provider has some special permissions for php-files. Just "r--------" (0600). That is why I wanted it.
But my problem is solved, because I have now changed to hosteurope...
But thanks for the help and the warning!