Conflicting Users and permissions with file uploads

[Connie]

I think it is a bug in CMSimple, that's why I post it here

Unfortunately CMSimple just uploads files (mostly images). moves them from the temporary to the images - folder and does not set any permissions
see here: in adm.php

Code: Select all

if(!$e){if(@move_uploaded_file(im($f,'tmp_name'),$pth['folder'][$f].$name))$o.='<p>'.ucfirst($tx['filetype']['file']).' '.$name.' '.$tx['result']['uploaded'].'</p>';

Other systems set permissions after uploading and moving, CMSimple does not.

So there are server configurations, where this behaviour creates a lot of problems.
I have 40 domains at a server which unfortunately uses CONFIXX (I want CPANEL!!!)

PHP is installed as CGI, but CONFIXX needs mod_php
so both are installed at the server and the result?

uploaded files have the right 600
nobody can see them

if CMSimple would set permissions after uploading and moving to the destination folder, everything would be fine and smooth.
But CMSimple does not.

I tested at the same server WordPress, Pivot, CMSMadeSimple, Drupal ... they all set permissions after uploading and no problems

Now I have to set permissions after each upload or to run a cron-job permanently to set these permissions because my clients will not understand this...

so, Peter, please add this to your adm.php and make me happy!

Connie

[Holger]

Hi Connie,

Try this solution:
http://www.cmsimple.dk/forum/viewtopic.php?f=13&t=3970

Or use copy instead of move:
http://www.cmsimple.dk/forum/viewtopic.php?f=4&t=3607

Holger

[Connie]

Holger,

I know there are some workarounds, but it is still a bug in the programm

If Peter fixes that there will be no need and frustration and stress and feeling bad and and and ....

and no need to explain to your clients why suddenly basic things don't work anymore!

anyway I did start to edit adm.php as well, the second solution takes too much server time...

greetings,

Connie

[Holger]

Holger,

I know there are some workarounds, but it is still a bug in the programm

If Peter fixes that there will be no need and frustration and stress and feeling bad and and and ....

and no need to explain to your clients why suddenly basic things don't work anymore!

anyway I did start to edit adm.php as well, the second solution takes too much server time...

greetings,

Connie

Yepp, you're right. Sorry.

Holger

[Connie]

You can download patches for the CMSimple-Version 2.7 - 3.2 at http://www.webdeerns.de/?CMSimple_Downloads now

[harteg]

I do not believe it is a bug in CMSimple, but it is a misconfiguration of the server.

I have never installed CMSimple on a webhotel, where it was a problem.

I could add this feature, but then the question is, what excactly the file should be chmod'ed to, also that will depend on the server setup.

[Connie]

Peter,

you cannot change a lot of servers because of CMSimple and many servers are configured like this, consider it a misconfiguration or not.

If you check other scripts (Wordpress, Pivot, Nucleus, Pixelpost to name a view) you will see that most of the scripts DO a CHMOD after UPLOAD

and which permission?

0664 seems to be the best, not 0777 for complete folders...

write and read for the file-owner
write and read for the user
read for global

it is just a line of code, I think just to suggest to set /images and files in /images to 777 is too easy.

Please do it. It helps a lot. I had a lot of trouble with clients who did not see uploaded images anymore and I had to find out a solution....

please do it

Connie

[Holger]

Peter,
consider to make the CHMOD value as a variable in config.php, so the Installer can set a proper value, depending on his server configuration.
You can leave this variable blank by default, so no CHMOD will be done by uploading an image or a file.
So we have the same behavior as with the upload function until now.

If you consider to set a value by default, I'll suggest 0644.

And it's true. From my work on the Gallery-Plugin I' know that there are a lot of servers with such misconfigurations running out there.
IMHO it's an issue with the script, if CHMOD on upload isn't possible.

Holger

[cmb]

Hi,

rather old thread, I've stumbled upon. But I've just seen, that the new Filebrowser doesn't do a chmod() on uploaded files too. And this might indeed be a problem on some servers. I was not able to find documention about how move_uploaded_file() handles the file's permission in the PHP documentation, but some comments and other sources mentioned that there may be problems, which could be avoided by using copy() or chmod().

BTW: hi_kcfinder and Ajaxfilemanager_XH do a chmod() after move_uploaded_file().

So, should this be fixed?

Christoph

[svasti]

Hi Christoph,

So, should this be fixed?

definitely!
I've had this problem on one server where I couldn't download image files uploaded by the customer and couldn't even change the permissions with filezilla, because the ftp wasn't the owner of the files. I had to write a small php-program to change file permissions, ha, ha.

svasti