Topic: phproject, file upload while installed on SME 6.01

[arne]

For SME 5.6 the upload function works ok if you make the phprojekt installation undet the http doc root. If you make it in a e-bay it does not work.

For SME 6.0.1 it does not work at all, neither if installed in root directory or in a e-bay.

It apears only one error message .. panic .. can not copy file from /tmp/.. to /directory..

Has anybody made the phprojekt upload function working on an 6.0.1 installation ??

Have worked a lot to solve this problem but have not been able to find a solution yet ...

Best Reg Arne.

[arne]

Found something here at the phprojekt homepage:

Q: I installed PHProjekt on an e-smith, but the file upload doesn't seem to work.
A: This hint here was posted on an e-smith forum (http://www.e-smith.org/bboard/read.php?f=3&i=12704&t=12702)
"Have you disabled the PHP sandbox security that was introduced in SME 5.1.2. This security feature does not allow a PHP script in an ibay to access files outside of the ibay e.g your /tmp directory."

What is PHP sandbox security ?? Eventually .. how to disable ??

[arne]

Something here ??
http://www.e-smith.org/faq.php3#6q12

[k_graham]

For SME 6.0.1 it does not work at all, neither if installed in root directory or in a e-bay.
.

It works for me in 6.01, in the root area installed as per

http://forums.contribs.org/index.php?topic=21585.0

[arne]

Thanks for your comment !

And one thing more .. The problem actually apeared to have something to do with the "sandbox security" or "PHP chroot".

When I disabled this function the phproject upload worked for the root and all virtual domains ..

(For me this security restriction of the SME server have been a bit of a problem, for a while ..)

Arne.

[k_graham]

Thanks for your comment !

And one thing more .. The problem actually apeared to have something to do with the "sandbox security" or "PHP chroot".

When I disabled this function the phproject upload worked for the root and all virtual domains ..

(For me this security restriction of the SME server have been a bit of a problem, for a while ..)

Arne.

Can you write up specifically what you did to disable the feature. Is it per ibay.

Though I have phprojekt working I am tempted to move my grad reunion project to an Ibay so people could access it without the requirement of https: some people have difficulties with the encryption.

Ken

[arne]

It was the info behind this link I used:

http://www.e-smith.org/faq.php3#6q12

<qoute>

PHP applications running in i-bays can only access files within the same i-bay. Is there a way that the administrator can relax this restriction?
Yes. The administrator can change the PHP Base Directory by executing the following commands (as root):

   
/sbin/e-smith/db accounts setprop your_i-bay_name PHPBaseDir /    
/sbin/e-smith/signal-event ibay-modify your_i-bay_name

Note that the PHPBaseDir argument can be more restrictive than the example shown above. For example PHPBaseDir can also be '/home/e-smith/files/'.

<unquote>

I think the priciple you are using is that you are setting the php "protected environment" to involve the root and all the file systems.

If you make this change it will then be possible to make the file upload with phproject from any ibay.
(Because you will have no problem to reach the /tmp directory.)

I also think there is some good resons not to disable this php security function as well. I run it without this security function, but one of the negative sides of this is that it is possible to make php scripts that might have some security risks.

For maximun functionality on the cost of reduced security it could be a good (or bad) idea to disable the php chroot function ..

(One other thing I'm thinking about is it could be possible to modify the phproject so it could work with and together with the php security function. Don't know if this is possible ..)

Best reg Arne.

[arne]

By the way. I think it is possible to change the temp upload directory from /tmp to some address inside the SME php croot.

Have not found out how to do this yet, but I belive that this way of solving this problem will also work, without redusing the security much.

If anybody know how to change the temp upload directory from /tmp to some adress inside the exsisting SME PHP chroot, pleas leave a msg.

(Will also leave some words if I can find it out.)

Arne.

[Henk]

I'm not using phpproject, but some other php scripts.

With one of these scripts (cutenews) file upload didn't work. I've solved this by replacing the @copy command with @move_uploaded_file.

@move_uploaded_file doesn't use the /temp directory, but uploads the file directly to the directory you want to put the file in.

Don't know if you can change the code of phpproject the same way, but if you can, it solves the problem.