PHP 4.4.1 and GD / Coppermine / imagejpeg()

Snapdragon · Unread post by **Snapdragon** » Mon Nov 28, 2005 4:47 pm

Long time follower, first time poster

Sooo I started getting reports that no one can upload into Coppermine anymore.

I did some lookups and found http://bugs.php.net/bug.php?id=35071

Apparently the way safemode file handling is treated in 4.4.1 breaks imagejpeg()'s ability to create a file.

You can touch() the file, or move/copy/rename, etc. but you can't create it. They have acknowledged the bug and placed the fix into CVS.

Scott, is there a way you can compile the fix into yum so that us lowly un-compiling-if-its-not-a-release-we-don't-touch-it peeps can fix this issue?

Thanks

PS Snapdragon = WildRoseWeb

Unread post by **scott** » Tue Nov 29, 2005 2:28 pm

According to what I read in that thread, this is a feature (havent confirmed it myself). It looks like this is related to safe_mode, so you may be able to work around this if you disable that in php.ini, or in vhost.conf.

Snapdragon · Unread post by **Snapdragon** » Tue Nov 29, 2005 3:41 pm

I'm not disabling safe mode on any domains. Not on a virtual hosting server, then one phpBB injection comes along and I lose my entire setup.

They were arguing over "feature" vs. "bug" and I believe the decision was "bug". Supposedly in CVS the problem is gone.

Unread post by **scott** » Wed Nov 30, 2005 3:11 pm

Yeah I dont blame you, Ive been hoping to see more features from the hardened PHP project in the mainstream php code. This was one of them from what I gather, but it looks like the masses pushed back against it.

Snapdragon · Unread post by **Snapdragon** » Wed Nov 30, 2005 3:47 pm

So... back to the problem.. is there a way I can update my files to allow it until 4.4.2 comes out? I have about 15 busted galleries...

Unread post by **scott** » Wed Nov 30, 2005 10:50 pm

I tried applying that to the 4.4.1 tree, but clearly they've made a lot of changes in several areas that is going to need more work to get in there. I'll keep you posted. (Watch them put out 4.4.2 when I finish

)

Snapdragon · Unread post by **Snapdragon** » Thu Dec 01, 2005 1:34 am

I've never used a CVS system before - is there any indication when they will release 4.4.2? If it's going to be soon I would say don't bother with it and I'll tell my guys to wait.

jamster · Unread post by **jamster** » Mon Dec 12, 2005 9:14 am

It's far from perfect but...

You can include the line
touch($filename);
before the relevant imagejpeg command. Obviously $filename must contain the correct filename, you'll have to code this in to your script.

You can find affected files by running the following in your htdocs directory:
grep -i --include *.php -r imagejpeg * > imagejpeg.txt &

It will make a list in the file imagejpeg.txt

Snapdragon · Unread post by **Snapdragon** » Sun Feb 12, 2006 12:40 am

Scott, 4.4.2 is out, can we get it parsed into the archive soon?