Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts

    fopen failing to open stream in /var/tmp/

    The key issues are that i get this error:

    Warning: fopen(/var/tmp/phghvBL8Y) [function.fopen]: failed to open stream: Permission denied in /.../myfile.php on line 99

    and I need to write to the file. Also, I have changed php.ini to point to /tmp which I've been told is a directory I should not have an issue writing to files in (unlike /var/tmp).

    the php file and neighboring files do not reference /var/tmp/

    So, my question is how do I resolve this issue or what other information can I provide?

  • #2
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts
    Can you post your code so we can inspect the messed up line? And did you chmod the files or directory?

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Isn't really necessary: Permission denied.
    /tmp is likely writable, but that doesn't necessarily mean the files within it are. That will depend on the owner, group settings of /tmp and the umask. Typically the settings are 777+t, so I'd say that its probably a umask of 022 or 222.
    Given the filename and in /tmp, is this an upload? Just use move_uploaded_file to put it in a directory which you can write in.

    Edit:
    Also I assumed you opened in mode 'w'. r, r+, and w+ will all change what the possible permission or umask settings could be.
    Last edited by Fou-Lu; 02-24-2012 at 06:19 AM.

  • #4
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Tried fopen with 'w' but get the same error...

    "Just use move_uploaded_file to put it in a directory which you can write in." <---- I'll try that.


    The line where the code is yielding the error message in my original post is in bold below. As you can see, I have attempted to chmod the file. The /tmp/ dir is 755 and I can't seem to access the /var/tmp/ directory to 755 it although I am working on that. Any comments on anything (server & code issues) appreciated here.


    if ($_FILES[html_file]['name'] != '')
    {
    $html = $_FILES['html_file']['tmp_name'];
    $html = @file($html);
    $html = @join("",$html);

    $src_file = $_FILES[html_file]['name'];

    $hash = md5(uniqid(rand(),1));
    $hash = substr ($hash,0,4);
    $src_file = $hash.$src_file;

    $dir = "../ebb/";

    $fullpath = $dir.$src_file;


    if (is_uploaded_file($_FILES['html_file']['tmp_name']))
    {
    chmod($_FILES['html_file']['tmp_name'], 777);

    //Begin Sanitation Phase

    ini_set('memory_limit', '512M');
    $phase_one_file = $_FILES['html_file']['tmp_name'];
    $phase_one_opened_file = fopen($phase_one_file, 'w');
    $phase_one_contents = stream_get_contents($phase_one_opened_file);
    print_r($phase_one_contents);
    $to_be_erased = array("<a>", "</a>", "<span>", "<p></p>", "<span></span>", "</span>");
    $new_contents_erased_tags = str_replace($to_be_erased, "", $phase_one_contents);


    rewind($phase_one_opened_file);
    fseek($phase_one_opened_file, 0, SEEK_SET);
    if (fwrite($phase_one_opened_file, $new_contents_erased_tags) === FALSE){
    echo "Cannot write to file ($phase_one_opened_file)";
    exit;
    }

    if (fclose($phase_one_opened_file) === FALSE){
    echo "Cannot close file ($phase_one_opened_file)";
    exit;
    }

    $domd = new DOMDocument();
    libxml_use_internal_errors(true);
    $domd->loadHTMLFile($new_contents_erased_tags);
    libxml_use_internal_errors(false);

    $domx = new DOMXPath($domd);
    $items = $domx->query("//*[@style]");

    foreach($items as $item) {
    $item->removeAttribute("style");
    }

    $items = $domx->query("//*[@class]");

    foreach($items as $item) {
    $item->removeAttribute("class");
    }

    $items = $domx->query("//*[@name]");

    foreach($items as $item) {
    $item->removeAttribute("name");
    }

    $items = $domx->query("//*[@lang]");

    foreach($items as $item) {
    $item->removeAttribute("lang");
    }

    $items = $domx->query("//*[@span]");

    foreach($items as $item) {
    $item->removeAttribute("span");
    }

    $newfile = $_FILES['html_file']['tmp_name'];

    $domd->saveHTMLFile($newfile);

    //End Sanitation Phase
    move_uploaded_file($new_contents_erased_tags, $fullpath);
    }
    else
    {
    echo "Possible file upload attack. Filename: " . $HTTP_FILES[html_file]['name'];
    }

    $set .= ", src_file='$src_file'";
    }


    $q = "insert into ebb set $set";
    $db->insert($q);
    Last edited by cyborg360; 02-24-2012 at 06:50 PM.

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    No, you need to use move_uploaded_file. 755 doesn't have write privilege on the files, and you certainly cannot take ownership of it.
    Use move_uploaded_file to place it in a "local" location to your site, then open it from that location.

    Edit:
    I assumed you are not root? If you are, you can open up 777+t onto the /tmp using chmod from your ssh client. If you are not root, you cannot change the permissions of the /tmp as you will not own it.

  • #6
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Still have this issue..

    Warning: fopen(../imp_b1/4f1esample2.htm) [function.fopen]: failed to open stream: Permission denied

    the directory was confirmed to be set to 775 and I am chown'ing the file before fopen, yet still receive this error after moving the file with move_uploaded_file() on the remote server (hostmonster).

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    So this directory is within your control correct?
    Pull the permissions:
    PHP Code:
    $sPath '../imp_b1/4f1esample2.htm';
    $cwd getcwd();
    chdir(dirname($sPath));
    printf("Permissions of %s are: %o" PHP_EOLfileperms($sPath));
    printf("Umask of %s is: %o" PHP_EOLgetcwd(), umask()); 
    What does that show?

  • #8
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    So this directory is within your control correct?
    Pull the permissions:
    PHP Code:
    $sPath '../imp_b1/4f1esample2.htm';
    $cwd getcwd();
    chdir(dirname($sPath));
    printf("Permissions of %s are: %o" PHP_EOLfileperms($sPath));
    printf("Umask of %s is: %o" PHP_EOLgetcwd(), umask()); 
    What does that show?
    Thanks for your responses. Sorry I can't get all the responses you need this post. Here is what I did get:

    printf("Permissions of %s are: %o" . PHP_EOL, fileperms($sPath));
    printf() [function.printf]: Too few arguments in ...

    printf("Umask of %s is: %o" . PHP_EOL, getcwd(), umask());
    Umask of ... is 22

  • #9
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    changed code to use chmod($fullpath_and_file, 0755); and seems to fopen now but now see:

    Warning: DOMDocument::loadHTMLFile() expects parameter 1 to be string, resource given
    Warning: DOMDocument::saveHTMLFile() expects parameter 1 to be string, resource given

    Maybe belongs in new thread. Any comments on the errors though?

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Looks like I biffed that first printf, I meant to add $sPath to it as well.
    Your resource is from $fp which isn't usable in the scope of the dom. It would probably be easier to work with a new thread (please use [php][/php] tags for the code). I think you are overthinking what you need to do, PHP has built in functions such as strip_tags to remove tags from strings, or replacements to remove tags including the blocks. To me, none of that really makes sense if you plan on using the DOM anyway, as you can ignore them completely or replace the tags through the dom instead.

  • #11
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Looks like I biffed that first printf, I meant to add $sPath to it as well.
    Your resource is from $fp which isn't usable in the scope of the dom. It would probably be easier to work with a new thread (please use [php][/php] tags for the code). I think you are overthinking what you need to do, PHP has built in functions such as strip_tags to remove tags from strings, or replacements to remove tags including the blocks. To me, none of that really makes sense if you plan on using the DOM anyway, as you can ignore them completely or replace the tags through the dom instead.
    is there a complete list of the built in functions i might want to use like strip_tags somewhere? Or you just suggest learning DOMdocument class better?

  • #12
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Edit:
    Also I assumed you opened in mode 'w'. r, r+, and w+ will all change what the possible permission or umask settings could be.
    mode w will make domdocument class' loadhtml report empty string whereas with r+ it doesn't. not sure why.

  • #13
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Mode w doesn't have read capabilities, only write. You need to use either r+, or w+ with a rewind to pull the read. w will truncate the file to 0 as will w+, but only w+ is capable of reading back.

    I would choose one or the other depending on what has to get done. DOM can load a file by name, so you don't need to do any manipulations. File handling can be simplified to pull straight strings and replace, then load the dom from a string instead of a file. From what I see, you can use either the dom or the file handling, but not both are required.

    As for functions, the api can be found at php.net. You can browse the documentation for what you want like the string library, or use the search menu to find a specific function. PHP has a lot of built in functions. And I mean a lot.

  • #14
    Regular Coder
    Join Date
    Nov 2009
    Posts
    202
    Thanks
    25
    Thanked 0 Times in 0 Posts
    update: may have found resolution. code that displays result of upload may be pulling from another location.

    I'm trying this now with less code to make things simpler:

    PHP Code:
    $fullpath_and_file $dir.$src_file;
                        if (
    is_uploaded_file($_FILES['html_file']['tmp_name']))
                        {      
                                
    //error_reporting(-1);
                                //ini_set('display_errors', 'on');
                                
    move_uploaded_file($_FILES['html_file']['tmp_name'], $fullpath_and_file);
                                
    chmod($fullpath_and_file0755);
                                
    ini_set('memory_limit''512M');
                                
    $phase_one_file $fullpath_and_file;
                                
    $phase_one_opened_file fopen($fullpath_and_file'r+');
                                
    $phase_one_contents stream_get_contents($phase_one_opened_file);
         
                                
    $to_be_erased = array("<a>""</a>""<span>""<p></p>""<span></span>""</span>");
                                
    $new_contents_erased_tags str_replace($to_be_erased""$phase_one_contents);
                                
    rewind($phase_one_opened_file);
                                
    fseek($phase_one_opened_file0SEEK_SET);
                                if (
    fwrite($phase_one_opened_file$new_contents_erased_tags) === FALSE){
                                        echo 
    "Cannot write to file ($phase_one_opened_file)";
                                        exit;
                                }              
                                if (
    fclose($phase_one_opened_file) === FALSE){
                                        echo 
    "Cannot close file ($phase_one_opened_file)";
                                        exit;
                                }
                        } 
    I know there are better functions, but I'd like to know why this code isn't working. The tags are not stripped. I've tried chmod 0777. The directory where the file is being written to has write permissions. There are no errors. Please assist.
    Last edited by cyborg360; 02-26-2012 at 04:32 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •