Avatar upload problem since update to 2.0.17 [2 solutions]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Avatar upload problem since update to 2.0.17 [2 solutions]

Post by Illuminatus » Thu Jul 21, 2005 2:59 pm

I can't upload avatars since the update to 2.0.17 anymore. It worked on 2.0.16. I changed my folder to 777 and made sure the admin settings still point to that folder.

After trying to upload, the debug tells me about filesizerestriction, which in reality is met but seems to be miscalculated (uploading a 20x20px file, when 400x400 is allowed).

So... any ideas? What has happened since the last update? Which detective will solve this case?

Oh... for sake of bureaucracy:
URL: [deleted fpr security reasons]
Template(s) used: subSilver
Any and all MODs: None
Do you use a port of phpBB: No
Version of phpBB: 2.0.17
Version of PHP: 4.1.2
Which database server and version: MySQL 3.23.49
Host: Myself on shared server
Did someone install this for you/who: No
Is this an upgrade/from what to what: From 2.0.16
Is this a conversion/from what to what: No
Have you searched for your problem: Yes
If so, what terms did you try: Avatar Upload
State the nature of your problem: can't upload avatars since the update to 2.0.17
Do you have a test account for us: No
Last edited by Illuminatus on Sun Jul 24, 2005 8:04 am, edited 4 times in total.

Stefan Koopmanschap
Former Team Member
Posts: 7388
Joined: Sun Oct 28, 2001 9:47 am
Location: Woudenberg, Netherlands
Contact:

Post by Stefan Koopmanschap » Thu Jul 21, 2005 6:34 pm

I must admit I have no idea even where to start looking. I've notified the rest of the Support Team of this thread, hopefully someone else will be able to help you.

User avatar
CTCNetwork
Former Team Member
Posts: 15424
Joined: Fri Dec 19, 2003 3:50 am
Location: In that Volvo behind you!
Contact:

Post by CTCNetwork » Thu Jul 21, 2005 6:54 pm

Hi,

I have a clean test forum, and have updated with the changed files updates from 2.0.15 to 2.0.16 and now 2.0.17..

I have just uploaded a new avatar - no issue at all...

So, is there something else amiss like Zend or something??

Can you create a phpinfo file please...

Des. . . :wink:
Density:- Not just a measurement~Its a whole way of Life.! ! !
| Welcome! | RTFM!!! | Search! It's Easy! | Problem? | Spam? | Advice! |

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Thu Jul 21, 2005 9:00 pm

Thanks for your immediate response.
The phpinfo() can be (temporarily) found here: [deleted fpr security reasons]
Updated above information with MySQL 3.23.49 and phpversion information.

I am a heavy user of phpBB since 1.x and this is the first time i could't fix a phpBB related issue on my own. So your help is very much appreciated.

As additional information I am running my server with safemode and php_admin_value open_basedir set to /var/kunden/webs/web1/ . I am running apache as www-data user and ftp works on a mysql driven virtual user (via syscp).

Must "funny" thing is that all was running well until the update. Strange...
Last edited by Illuminatus on Sat Jul 23, 2005 7:09 pm, edited 2 times in total.

freshSparks
Registered User
Posts: 17
Joined: Sat Feb 12, 2005 9:43 am

Post by freshSparks » Thu Jul 21, 2005 10:22 pm

i was having this same problem on a brand new 2.0.17 board. fixed after editing php.ini on the server and setting an actual upload_tmp_dir intead of using defaults. i set my to /tmp/phpupload and chmod'd it 777 and it was all gravy

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 6:02 am

But I did noch change any server settings, so phpBB must have changed. I will ask my host if the changed anything on the shared server...

Update information:
I debugged by adding echo commands and found out that variables in usercp_avatar.php are empty, which results the conditional to fail:

Code: Select all

	if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
The variables are set with:

Code: Select all

list($width, $height) = @getimagesize($avatar_filename);
@getimagesize($avatar_filename) also results in an empty value, but $avatar_filename=/tmp/phpjwNKoM (which indicates, that something has been written).

So the real question may be, why these variables are empty.
Last edited by Illuminatus on Fri Jul 22, 2005 8:17 am, edited 1 time in total.

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 8:13 am

Can someone help with the updated additional information?
The variables were checked with

Code: Select all

		echo("CUSTOM 3!!!");
		echo("width=$width");
		echo("height=$height");
		echo("imagesize=".@getimagesize($avatar_filename));
		echo("avatar_filename=".$avatar_filename);
in the else-path of the condition.

Uploading files with another php script works just fine...

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 8:58 am

Update:
I tried usercp_avatar.php,v 1.8.2.17 and all works fine there. So the problem seems to be on phpBB's side of handling fileuploads, not on serverside.

Diffs are:

Code: Select all

//new
	$avatar_file = basename($avatar_file);

//new
	$avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename);
	if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\")
	{
		return '';
	}

//new
	global $lang;

//changed
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )

//changed
if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )

//new
			if (!is_uploaded_file($avatar_filename))
			{
				message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
			}
Maybe http://de3.php.net/manual/de/function.getimagesize.php is used wrong.
I also used

Code: Select all

echo("width=".$width."height=".$height);
on the old version and it came up with empty values. So definitely getimagesize() never worked this way, but empty values were ignored in the older version.

So I'll be using the old version until the problem is solved...

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 9:54 am

My temporary fix comes down to this:
Replaced in new version of usercp_avatar.php:

Code: Select all

if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
With:

Code: Select all

if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
But someone competent should fix that (improper use of getimagesize()).

YGT
Registered User
Posts: 8
Joined: Wed Jul 20, 2005 11:43 am

Post by YGT » Fri Jul 22, 2005 10:22 am

My problem like this :( .
I upgrade my data 0.13 to 0.17 and when I try to upload a avatar I see this error message!

Warning: copy(./images/avatars/100980801742e0c87a186b7.jpg): failed to open stream: Permission denied in /home/cagatay/public_html/forum17/includes/usercp_avatar.php on line 241

Warning: Cannot modify header information - headers already sent by (output started at /home/cagatay/public_html/forum17/includes/usercp_avatar.php:241) in /home/cagatay/public_html/forum17/includes/page_header.php on line 475

Warning: Cannot modify header information - headers already sent by (output started at /home/cagatay/public_html/forum17/includes/usercp_avatar.php:241) in /home/cagatay/public_html/forum17/includes/page_header.php on line 477

Warning: Cannot modify header information - headers already sent by (output started at /home/cagatay/public_html/forum17/includes/usercp_avatar.php:241) in /home/cagatay/public_html/forum17/includes/page_header.php on line 478


So, what is this!. How can I access this problem :?: :cry:

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 10:43 am

This has nothing to do with my problem, but
failed to open stream: Permission denied

tells me that your permissions are not correctly set. Try chmod your avatarfolder to 777. For more info on how to do that use the search function on keywords "avatar", "chmod" and "upload". If you can't chmod your folders on your host, you will have to leave the upload function alone or change to another host.

YGT
Registered User
Posts: 8
Joined: Wed Jul 20, 2005 11:43 am

Post by YGT » Fri Jul 22, 2005 11:03 am

I check the directory permissions but also, all right permissions as assigned! How can I access it :(

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 11:16 am

The code in question is:

Code: Select all

$move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename");
The error message still tells me that you are not allowed to use the copy command, which means you are not privileged to do filecopy. Reasons may be server- or foldersettings, which restrict you doing so. Still has nothing to do with my original problem...

Illuminatus
Registered User
Posts: 51
Joined: Mon Jul 18, 2005 12:51 pm

Post by Illuminatus » Fri Jul 22, 2005 12:46 pm

The problem mentioned in the first post comes all down to this:

Code: Select all

@getimagesize($avatar_filename);
But getimagesize() has not the rights needed to read in the /tmp folder. To get avatar upload working without changing my serversystem, I will permanently use my mentioned fix. Hope this is not a security risk... I wonder why no one else has come across this problem in 2.0.17.

Help and comments still greatly appreciated!

gohatto
Registered User
Posts: 2
Joined: Thu Jul 21, 2005 10:09 am

Post by gohatto » Fri Jul 22, 2005 1:16 pm

I have the same problem, and I described it here: http://www.phpbb.com/phpBB/viewtopic.php?t=309017


The solution which you write is right now the only way to make the avatars upload run smoothly. Hope this bug will be fixed professionally by smart guys from phpbb :wink:

Locked

Return to “2.0.x Support Forum”