View Full Version : fopen failing to open stream in /var/tmp/



cyborg360
02-24-2012, 12:25 AM
The key issue is that I get this error:

Warning: fopen(/var/tmp/phghvBL8Y) [function.fopen]: failed to open stream: Permission denied in /.../myfile.php on line 99

and I need to write to the file. Also, I have changed php.ini to point to /tmp which I've been told is a directory I should not have an issue writing to files in (unlike /var/tmp).

The PHP file and neighboring files do not reference /var/tmp/

So, my question is how do I resolve this issue or what other information can I provide?

stevenmw
02-24-2012, 03:09 AM
Can you post your code so we can inspect the messed up line? And did you chmod the files or directory?

Fou-Lu
02-24-2012, 05:17 AM
Isn't really necessary: Permission denied.
/tmp is likely writable, but that doesn't necessarily mean the files within it are. That will depend on the owner, group settings of /tmp and the umask. Typically the settings are 777+t, so I'd say that it's probably a umask of 022 or 222.
Given the filename and in /tmp, is this an upload? Just use move_uploaded_file to put it in a directory which you can write in.


Also I assumed you opened in mode 'w'. r, r+, and w+ will all change what the possible permission or umask settings could be.

cyborg360
02-24-2012, 02:12 PM
Tried fopen with 'w' but get the same error...

"Just use move_uploaded_file to put it in a directory which you can write in." <---- I'll try that.


The line where the code is yielding the error message in my original post is in bold below. As you can see, I have attempted to chmod the file. The /tmp/ dir is 755 and I can't seem to access the /var/tmp/ directory to 755 it although I am working on that. Any comments on anything (server & code issues) appreciated here.


if ($_FILES[html_file]['name'] != '')
{
    $html = $_FILES['html_file']['tmp_name'];
    $html = @file($html);
    $html = @join("",$html);

    $src_file = $_FILES[html_file]['name'];

    $hash = md5(uniqid(rand(),1));
    $hash = substr ($hash,0,4);
    $src_file = $hash.$src_file;

    $dir = "../ebb/";

    $fullpath = $dir.$src_file;


    if (is_uploaded_file($_FILES['html_file']['tmp_name']))
    {
        chmod($_FILES['html_file']['tmp_name'], 777);

        //Begin Sanitation Phase

        ini_set('memory_limit', '512M');
        $phase_one_file = $_FILES['html_file']['tmp_name'];
        $phase_one_opened_file = fopen($phase_one_file, 'w');
        $phase_one_contents = stream_get_contents($phase_one_opened_file);
        print_r($phase_one_contents);
        $to_be_erased = array("<a>", "</a>", "<span>", "<p></p>", "<span></span>", "</span>");
        $new_contents_erased_tags = str_replace($to_be_erased, "", $phase_one_contents);


        rewind($phase_one_opened_file);
        fseek($phase_one_opened_file, 0, SEEK_SET);
        if (fwrite($phase_one_opened_file, $new_contents_erased_tags) === FALSE){
            echo "Cannot write to file ($phase_one_opened_file)";
            exit;
        }

        if (fclose($phase_one_opened_file) === FALSE){
            echo "Cannot close file ($phase_one_opened_file)";
            exit;
        }

        $domd = new DOMDocument();
        libxml_use_internal_errors(true);
        $domd->loadHTMLFile($new_contents_erased_tags);
        libxml_use_internal_errors(false);

        $domx = new DOMXPath($domd);
        $items = $domx->query("//*[@style]");

        foreach($items as $item) {
            $item->removeAttribute("style");
        }

        $items = $domx->query("//*[@class]");

        foreach($items as $item) {
            $item->removeAttribute("class");
        }

        $items = $domx->query("//*[@name]");

        foreach($items as $item) {
            $item->removeAttribute("name");
        }

        $items = $domx->query("//*[@lang]");

        foreach($items as $item) {
            $item->removeAttribute("lang");
        }

        $items = $domx->query("//*[@span]");

        foreach($items as $item) {
            $item->removeAttribute("span");
        }

        $newfile = $_FILES['html_file']['tmp_name'];

        $domd->saveHTMLFile($newfile);

        //End Sanitation Phase
        move_uploaded_file($new_contents_erased_tags, $fullpath);
    }
    else
    {
        echo "Possible file upload attack. Filename: " . $HTTP_FILES[html_file]['name'];
    }

    $set .= ", src_file='$src_file'";
}


$q = "insert into ebb set $set";
$db->insert($q);

Fou-Lu
02-24-2012, 06:46 PM
No, you need to use move_uploaded_file. 755 doesn't have write privilege on the files, and you certainly cannot take ownership of it.
Use move_uploaded_file to place it in a "local" location to your site, then open it from that location.


I assumed you are not root? If you are, you can open up 777+t onto the /tmp using chmod from your ssh client. If you are not root, you cannot change the permissions of the /tmp as you will not own it.

cyborg360
02-24-2012, 09:53 PM
Still have this issue..

Warning: fopen(../imp_b1/4f1esample2.htm) [function.fopen]: failed to open stream: Permission denied

the directory was confirmed to be set to 775 and I am chown'ing the file before fopen, yet still receive this error after moving the file with move_uploaded_file() on the remote server (hostmonster).

Fou-Lu
02-24-2012, 10:05 PM
So this directory is within your control correct?
Pull the permissions:


$sPath = '../imp_b1/4f1esample2.htm';
$cwd = getcwd();
chdir(dirname($sPath));
printf("Permissions of %s are: %o" . PHP_EOL, fileperms($sPath));
printf("Umask of %s is: %o" . PHP_EOL, getcwd(), umask());

What does that show?

cyborg360
02-24-2012, 10:16 PM
Thanks for your responses. Sorry I can't get all the responses you need this post. Here is what I did get:

printf("Permissions of %s are: %o" . PHP_EOL, fileperms($sPath));
printf() [function.printf]: Too few arguments in ...

printf("Umask of %s is: %o" . PHP_EOL, getcwd(), umask());
Umask of ... is 22

cyborg360
02-24-2012, 10:25 PM
Changed code to use chmod($fullpath_and_file, 0755); and seems to fopen now but now see:

Warning: DOMDocument::loadHTMLFile() expects parameter 1 to be string, resource given
Warning: DOMDocument::saveHTMLFile() expects parameter 1 to be string, resource given

Maybe belongs in new thread. Any comments on the errors though?

Fou-Lu
02-24-2012, 10:35 PM
Looks like I biffed that first printf, I meant to add $sPath to it as well.
Your resource is from $fp which isn't usable in the scope of the dom. It would probably be easier to work with a new thread (please use tags for the code). I think you are overthinking what you need to do, PHP has built in functions such as strip_tags to remove tags from strings, or replacements to remove tags including the blocks. To me, none of that really makes sense if you plan on using the DOM anyway, as you can ignore them completely or replace the tags through the dom instead.

cyborg360
02-24-2012, 10:38 PM
Is there a complete list of the built in functions I might want to use like strip_tags somewhere? Or do you just suggest learning the DOMdocument class better?

cyborg360
02-24-2012, 11:02 PM
"Also I assumed you opened in mode 'w'. r, r+, and w+ will all change what the possible permission or umask settings could be."

Mode w will make domdocument class' loadhtml report empty string whereas with r+ it doesn't. Not sure why.

Fou-Lu
02-24-2012, 11:14 PM
Mode w doesn't have read capabilities, only write. You need to use either r+, or w+ with a rewind to pull the read. w will truncate the file to 0 as will w+, but only w+ is capable of reading back.

I would choose one or the other depending on what has to get done. DOM can load a file by name, so you don't need to do any manipulations. File handling can be simplified to pull straight strings and replace, then load the dom from a string instead of a file. From what I see, you can use either the dom or the file handling, but not both are required.

As for functions, the api can be found at php.net. You can browse the documentation for what you want like the string library, or use the search menu to find a specific function. PHP has a lot of built in functions. And I mean a lot.
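
The mode and DOM points from the reply above, as an added example that is not part of the original thread: it shows `w` truncating the file, an `r+` read-modify-write, and loading the DOM by file name. The sample HTML, the temp file and the function names `strip_literal_tags` and `strip_attributes` are constructed for illustration, and the `ftruncate()` step goes beyond what the thread mentions.

```php
<?php
// Added example: constructed sample standing in for an upload already moved to a writable directory.
$path   = tempnam(sys_get_temp_dir(), 'upl');
$sample = '<p class="a" style="color:red">Hello <span>big</span> world</p>';

// Mode 'w' truncates on open and is write-only, so a read yields no data.
file_put_contents($path, $sample);
$fh   = fopen($path, 'w');
$read = @stream_get_contents($fh);
fclose($fh);
clearstatcache();
printf("w: read %d bytes, file is now %d bytes\n", strlen((string) $read), filesize($path));

// Mode 'r+': read, edit the string, write it back through the same handle.
function strip_literal_tags($path, array $tags)
{
    $fh = fopen($path, 'r+');
    if ($fh === false) {
        return false;
    }
    $clean = str_replace($tags, '', stream_get_contents($fh));
    rewind($fh);
    // 'r+' never truncates: cut at the new length or the old tail remains.
    $ok = fwrite($fh, $clean) !== false && ftruncate($fh, strlen($clean));
    fclose($fh);
    return $ok;
}

// DOM route: loadHTMLFile() takes a file name (string), not an fopen() handle.
function strip_attributes($path, array $attrs)
{
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);   // collect parser warnings quietly
    $dom->loadHTMLFile($path);
    libxml_use_internal_errors(false);
    $xpath = new DOMXPath($dom);
    foreach ($attrs as $attr) {
        foreach ($xpath->query('//*[@' . $attr . ']') as $node) {
            $node->removeAttribute($attr);
        }
    }
    return $dom->saveHTMLFile($path) !== false;
}

file_put_contents($path, $sample);
strip_literal_tags($path, array('<span>', '</span>'));
strip_attributes($path, array('style', 'class'));
echo file_get_contents($path);
unlink($path);
```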

cyborg360
02-26-2012, 01:39 AM
Update: may have found resolution. Code that displays result of upload may be pulling from another location.

I'm trying this now with less code to make things simpler:



$fullpath_and_file = $dir.$src_file;
if (is_uploaded_file($_FILES['html_file']['tmp_name']))
{
    //error_reporting(-1);
    //ini_set('display_errors', 'on');
    move_uploaded_file($_FILES['html_file']['tmp_name'], $fullpath_and_file);
    chmod($fullpath_and_file, 0755);
    ini_set('memory_limit', '512M');
    $phase_one_file = $fullpath_and_file;
    $phase_one_opened_file = fopen($fullpath_and_file, 'r+');
    $phase_one_contents = stream_get_contents($phase_one_opened_file);

    $to_be_erased = array("<a>", "</a>", "<span>", "<p></p>", "<span></span>", "</span>");
    $new_contents_erased_tags = str_replace($to_be_erased, "", $phase_one_contents);
    rewind($phase_one_opened_file);
    fseek($phase_one_opened_file, 0, SEEK_SET);
    if (fwrite($phase_one_opened_file, $new_contents_erased_tags) === FALSE){
        echo "Cannot write to file ($phase_one_opened_file)";
        exit;
    }
    if (fclose($phase_one_opened_file) === FALSE){
        echo "Cannot close file ($phase_one_opened_file)";
        exit;
    }
}


I know there are better functions, but I'd like to know why this code isn't working. The tags are not stripped. I've tried chmod 0777. The directory where the file is being written to has write permissions. There are no errors. Please assist.


