Jump to content

[Bug] In Invisionboard v 2.1.1 (and most propably before)

Guest Vir@s

By Guest Vir@s
in Feedback

Recommended Posts

Vir@s Newbie

Vir@s

Posted
Posted

Hi!

I'm not 100% sure if this is the correct forum to post or not - but if not feel free to move it :).

I got version 2.1.1 and had the problem that uploading of files is not possible if open_basedir restriction is running.

I isolated the problem - here is it (taken from class_upload.php, starting with line 363):

if ( $this->image_check )

{

	$img_attributes = @getimagesize( $_FILES[ $this->upload_form_field ]['tmp_name'] );


	if ( ! is_array( $img_attributes ) or ! count( $img_attributes ) )

	{

		$this->error_no = 5;

		return;

	}

	else if ( ! $img_attributes[2] )

	{

		$this->error_no = 5;

		return;

	}

}



The problem is, that the getimagesize tries to access the temporary file directly (the tmp dir is normally outside the basedir) and so therefor the openbasedir restriction blocks the access to that file.

My suggestion: move the uploaded file to a temporary position (inside the root path) before doing the checks.

If you need any additional information, please let me know!

Mfg,
Vir@s

Link to comment
Share on other sites
Vir@s Newbie

Vir@s

Posted
Posted

Here is a possible workaround. What I did is just moving the whole image check after the move_uploaded_file command. If it isn't a valid image it gets deleted.

		$this->saved_upload_name = $this->out_file_dir.'/'.$this->parsed_file_name;


		if ( ! @move_uploaded_file( $_FILES[ $this->upload_form_field ]['tmp_name'], $this->saved_upload_name) )

		{

			$this->error_no = 4;

			return;

		}

		else

		{

			@chmod( $this->saved_upload_name, 0777 );


			//-------------------------------------------------

			// Is it an image?

			//-------------------------------------------------


			if ( is_array( $this->image_ext ) and count( $this->image_ext ) )

			{

				if ( in_array( $this->file_extension, $this->image_ext ) )

				{

					$this->is_image = 1;


					//-------------------------------------------------

					// Are we making sure its an image?

					//-------------------------------------------------


					if ( $this->image_check )

					{

						$img_attributes = @getimagesize( $this->saved_upload_name );


						if ( ! is_array( $img_attributes ) or ! count( $img_attributes ) )

						{

							$this->error_no = 5;

							unlink( $this->saved_upload_name );

							return;

						}

						else if ( ! $img_attributes[2] )

						{

							$this->error_no = 5;

							unlink( $this->saved_upload_name );

							return;

						}

					}

				}

			}

		}

	}

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2023 IPS, Inc.
×
×
  • Create New...