Folder permissions for uploading images into surveys

More
7 months 3 weeks ago #152920 by jeskiv
jeskiv created the topic: Folder permissions for uploading images into surveys
Hi,

I had problems with uploading images into surveys (Edit question and from the WYSIWYG editor choose the image logo and then click "Browse server" which takes you to the KCFinder uploader). I was able to find a solution to the problems, but since I am not sure if it is a server issue or a bug, I thought I would explain it here:

I was able to upload images to the server, but they would not show in the survey. I found out that this was due to
1. KCFinder adds a .htaccess-file into the new upload/SURVEYID-folder it creates. By editing the third_party/kcfinder/conf/config.php and changing '_check4htaccess' to false I was able to prevent it from creating those .htaccess-files.
2. KCFinder created the folder only with full owner permissions, no permissions for group or user. It was supposed to be 0755, but it actually created 0700-permissions. I found out that this was due to wrong umask-setting, and I was able to fix the issue by adding into the file third_party/kcfinder/core/class/uploader.php around the mkdir() commands (found at least in lines 285 and 306) the reset for umask:
$old = umask(0);
mkdir();
umask($old);
After those lines the KCFinder creates the folder permissions correctly and viewing files works in surveys.

I am running version 2.63.1 (build 170305) with Apache, PHP5 and PostgreSQL.

I also tried to test this in Demo.limesurvey.org, but it throws error "You don't have permissions to browse server." when I click "Browse server". Although, it doesn't seem to be running the latest version either (its 2.64.0 atm).

So basicly if this is a server issue I hope it helps someone else with similar issues and if this is universal issue, I hope it will be fixed in later versions. I don't have enough understanding about the umask to understand if it is server related or not.

Please Log in to join the conversation.

More
7 months 3 weeks ago #152990 by tpartner
tpartner replied the topic: Folder permissions for uploading images into surveys
I don't know if it is server related either but, just in case it is a bug, please file a bug report with all of the server details.

Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.

Please Log in to join the conversation.

More
7 months 3 weeks ago #153102 by jeskiv
jeskiv replied the topic: Folder permissions for uploading images into surveys
Ok, reported!

Please Log in to join the conversation.

More
3 months 1 week ago - 3 months 1 week ago #158377 by blocka
blocka replied the topic: Folder permissions for uploading images into surveys
I also just encountered this issue. Changes @jeskiv suggested didn't resolve issue for me.

I changed line 24 of /third_party/kcfinder/conf/config.php from:

'disabled' => true,
to
'disabled' => false,

And this resolved the issue. But I think this opens a security hole, so I'm not keen to do that.

I'm using most recent LS release as of Sept 6, 2017.
Last Edit: 3 months 1 week ago by blocka.

Please Log in to join the conversation.

More
3 months 1 week ago #158387 by DenisChenu
DenisChenu replied the topic: Folder permissions for uploading images into surveys
This setings allow anyone to upload files with just the link to kcfinder.
It's set to enable according to session. I think the default session didn't have the same behaviour the LimeSUrvey.
Can you test with DBsession ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in to join the conversation.

More
3 months 1 week ago #158402 by blocka
blocka replied the topic: Folder permissions for uploading images into surveys
Hi Denis, I found the steps to recreate the problem, and posted to issue:

bugs.limesurvey.org/view.php?id=12279#c44400

Appears to be a repeatable bug.

Please Log in to join the conversation.

More
3 months 1 week ago #158404 by DenisChenu
DenisChenu replied the topic: Folder permissions for uploading images into surveys
Great catch \o/ we set session in some admin page but not in the helper (maybe/surely/who knows)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!