Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

DataObjectManager Module /

Discuss the DataObjectManager module, and the related ImageGallery module.

Moderators: martimiz, UncleCheese, Sean, Ed, biapar, Willr, Ingo, swaiba

Security related issue in ImageGallery

Go to End

2 Posts   1460 Views


Community Member, 4 Posts

5 October 2010 at 3:16am

I'm having trouble using the ImageManager module. There is some security issue going on between 2 users, my user account (myaccount) and the apache user (www-data).

When i uploaded the site, it was created with my user account (myaccount). The same account is used when I upload files or create folders using FTP. No problem with that.

Files and folders created through the website however, are created with the apache user (www-data).
This is where I think things start the go wrong.
When a new ImageGalleryPage is created, it succesfully creates the 'New-ProjectPage' in the assets/image-gallery/ folder (with owner 'www-data' and mask 0755). When the module tries to create a new sub-folder ('Default Album'), the error occurs.

I'm using the latest versions of SilverStripe v2.4.2, ImageGallery v1.0 r493 and DataObjectManager r504.

Is there anyone that can help me with this issue as this is blocking me from further developping this site with SilverStripe?

The AddPageOptionsForm action returns following error:

ERROR [Warning]: mkdir() [<a href='function.mkdir'>function.mkdir</a>]: SAFE MODE Restriction in effect. The script whose uid is 10096 is not allowed to access /var/www/vhosts/myaccount/httpdocs/assets/image-gallery/New-ProjectPage owned by uid 33
IN POST /admin/AddPageOptionsForm
Line 26 in /var/www/vhosts/myaccount/httpdocs/sapphire/filesystem/Filesystem.php

17: * Create a folder on the filesystem, recursively.
18: * Uses {@link Filesystem::$folder_create_mask} to set filesystem permissions.
19: * Use {@link Folder::findOrMake()} to create a {@link Folder} database
20: * record automatically.
21: *
22: * @param String $folder Absolute folder path
23: */
24: static function makeFolder($folder) {
25: if(!file_exists($base = dirname($folder))) self::makeFolder($base);
* 26: if(!file_exists($folder)) mkdir($folder, Filesystem::$folder_create_mask);
27: }
29: /**
30: * Remove a directory and all subdirectories and files.
31: *
32: * @param String $folder Absolute folder path

line 26 of Filesystem.php

line 54 of Folder.php

Folder::findOrMake(image-gallery/New-ProjectPage/Default Album)
line 104 of ImageGalleryPage.php

line 86 of ImageGalleryPage.php

line 63 of ImageGalleryPage.php

line 1056 of DataObject.php

line 559 of CMSMain.php

line 300 of Form.php

line 137 of RequestHandler.php

line 155 of RequestHandler.php

line 147 of Controller.php

line 281 of Director.php

line 124 of Director.php

line 127 of main.php



Community Member, 4 Posts

7 October 2010 at 1:11am