[PHP-DOC] #35060 [Opn]: problematic safe_mode restriction in GD library :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> phpdoc

phpdoc

[PHP-DOC] #35060 [Opn]: problematic safe_mode restriction in GD library
by sniper other posts by this author
Nov 2 2005 5:19AM messages near this date

RE: [PHP-DOC] Boolean documentation | [PHP-DOC] #35060 [Opn]: problematic safe_mode restriction in GD library

ID:               35060
 Updated by:       sniper@[...].net
 Reported By:      moron at industrial dot org
 Status:           Open
-Bug Type:         Safe Mode/open_basedir
+Bug Type:         Documentation problem
 Operating System: FreeBSD (likely all)
 PHP Version:      4.4.1RC1
 New Comment:

Docs are wrong.


Previous Comments:
------------------------------------------------------------------------

[2005-11-01 23:00:10] moron at industrial dot org

http://ca.php.net/manual/en/function.imagejpeg.php

"imagejpeg() creates the JPEG file in filename from the image image.
The image argument is the return from the imagecreatetruecolor()
function."

This definition conflicts with the newly stated requirement that the
file in question already exists.  Either the docs are wrong or the
safe_mode check is broken.

------------------------------------------------------------------------

[2005-11-01 22:57:10] moron at industrial dot org

What is bogus about the bug exactly? If "touch()" can create the file
then so should imagejpeg() - is that not the entire point of that
function, to create a file?  Nothing in the docus that I could see
state that the file needs to exist previously. 

Also, if this is a "feature" can you please explain what that feature
is exactly?  It does not seem to adhere to any sane permission scheme I
can think of, at least as far as running PHP as a module under UNIX
style operating systems go.

If this "feature" will not be going away, any chance of getting the
imagejpeg docs updated to note that the new requirement is that the
file in question already exists before it can be written to?

Cheers

------------------------------------------------------------------------

[2005-11-01 22:51:14] sniper@[...].net

and in PHP 5.1 there are even MORE of these checks! =)
(hint: this is not a bug but a feature)



------------------------------------------------------------------------

[2005-11-01 22:39:24] jerome at blion dot dyndns dot org

touch('files/thingy/test.jpg');
before imagejpeg worked for me

------------------------------------------------------------------------

[2005-11-01 22:11:33] moron at industrial dot org

Description:
------------
A new safe_mode check has been added to PHP's GD library functions that
affects image creation functions.  The changed line is here:

ext/gd/gd.c:1647: if (!fn || fn == empty_string ||
php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {

As of 4.4.1 the following is new:

(PG(safe_mode) && !php_checkuid(fn, "rb+",
CHECKUID_CHECK_FILE_AND_DIR))

Since this change GD is not able to create new images, presumably due
to the above permissions check failing.


The problem with this code (if I am guessing what "php_checkuid" does
correctly) is that it seems to make an invalid assumption as to how
ownership works under Unix operating systems. Unless you run PHP as a
CGI (running as the script owner), created files will always be owned
by the generic web user ("www", "nobody", etc.).  This means that the
above check will fail since the ownership of the created file will not
match that of the parent script.

What should be checked here is the group ownership and file level
permissions since the owner will always be the web user (especially if
the directory structure has been created on the fly). 

As it stands, if you run under safe_mode and with PHP as a module under
a Unix type system, you will always fail the safe_mode check and be
unable to create images with the GD libraries.

Other file system functions appear to be unaffected (i.e.
move_uploaded_file, copy, mkdir, etc.).

Cheers

Reproduce code:
---------------
<?php
// safe_mode is enabled

$img_out=imagecreatetruecolor(200,200);
imagejpeg($img_out,'files/thingy/test.jpg',100);
imagedestroy($img_out);
?> 
                



Expected result:
----------------
new image created "files/thingy/test.jpg"

Actual result:
--------------
Warning: imagejpeg(): Unable to access files/thingy/test.jpg in
/home/moron/www/test.php on line 3

Warning: imagejpeg(): Invalid filename 'files/thingy/test.jpg' in
/home/moron/www/test.php on line 3

Here are the permissions in that directory:

drwxr-xrwx  15 nobody  12345  512 Sep 10  2004 files/thingy/

Here are the permissions on the script:

-rw-r--r--  1 33300  12345    122 Nov  1 13:03 test.php


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=35060&edit=1

Thread:

sniper

Moron At Industrial Dot Org