- Posts: 5
- Thank you received: 1
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Folder permissions for uploading images into surveys
- jeskiv
- Topic Author
- Offline
- New Member
Less
More
7 years 5 days ago #152920
by jeskiv
Folder permissions for uploading images into surveys was created by jeskiv
Hi,
I had problems with uploading images into surveys (Edit question and from the WYSIWYG editor choose the image logo and then click "Browse server" which takes you to the KCFinder uploader). I was able to find a solution to the problems, but since I am not sure if it is a server issue or a bug, I thought I would explain it here:
I was able to upload images to the server, but they would not show in the survey. I found out that this was due to
1. KCFinder adds a .htaccess-file into the new upload/SURVEYID-folder it creates. By editing the third_party/kcfinder/conf/config.php and changing '_check4htaccess' to false I was able to prevent it from creating those .htaccess-files.
2. KCFinder created the folder only with full owner permissions, no permissions for group or user. It was supposed to be 0755, but it actually created 0700-permissions. I found out that this was due to wrong umask-setting, and I was able to fix the issue by adding into the file third_party/kcfinder/core/class/uploader.php around the mkdir() commands (found at least in lines 285 and 306) the reset for umask:
$old = umask(0);
mkdir();
umask($old);
After those lines the KCFinder creates the folder permissions correctly and viewing files works in surveys.
I am running version 2.63.1 (build 170305) with Apache, PHP5 and PostgreSQL.
I also tried to test this in demo.limesurvey.org, but it throws error "You don't have permissions to browse server." when I click "Browse server". Although, it doesn't seem to be running the latest version either (its 2.64.0 atm).
So basicly if this is a server issue I hope it helps someone else with similar issues and if this is universal issue, I hope it will be fixed in later versions. I don't have enough understanding about the umask to understand if it is server related or not.
I had problems with uploading images into surveys (Edit question and from the WYSIWYG editor choose the image logo and then click "Browse server" which takes you to the KCFinder uploader). I was able to find a solution to the problems, but since I am not sure if it is a server issue or a bug, I thought I would explain it here:
I was able to upload images to the server, but they would not show in the survey. I found out that this was due to
1. KCFinder adds a .htaccess-file into the new upload/SURVEYID-folder it creates. By editing the third_party/kcfinder/conf/config.php and changing '_check4htaccess' to false I was able to prevent it from creating those .htaccess-files.
2. KCFinder created the folder only with full owner permissions, no permissions for group or user. It was supposed to be 0755, but it actually created 0700-permissions. I found out that this was due to wrong umask-setting, and I was able to fix the issue by adding into the file third_party/kcfinder/core/class/uploader.php around the mkdir() commands (found at least in lines 285 and 306) the reset for umask:
$old = umask(0);
mkdir();
umask($old);
After those lines the KCFinder creates the folder permissions correctly and viewing files works in surveys.
I am running version 2.63.1 (build 170305) with Apache, PHP5 and PostgreSQL.
I also tried to test this in demo.limesurvey.org, but it throws error "You don't have permissions to browse server." when I click "Browse server". Although, it doesn't seem to be running the latest version either (its 2.64.0 atm).
So basicly if this is a server issue I hope it helps someone else with similar issues and if this is universal issue, I hope it will be fixed in later versions. I don't have enough understanding about the umask to understand if it is server related or not.
The topic has been locked.
- tpartner
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 10109
- Thank you received: 3595
7 years 5 days ago #152990
by tpartner
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Replied by tpartner on topic Folder permissions for uploading images into surveys
I don't know if it is server related either but, just in case it is a bug, please file a bug report with all of the server details.
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
The topic has been locked.
- jeskiv
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 1
7 years 4 days ago #153102
by jeskiv
Replied by jeskiv on topic Folder permissions for uploading images into surveys
Ok, reported!
The topic has been locked.
- blocka
- Offline
- Platinum Member
Less
More
- Posts: 409
- Thank you received: 34
6 years 7 months ago - 6 years 7 months ago #158377
by blocka
Replied by blocka on topic Folder permissions for uploading images into surveys
I also just encountered this issue. Changes @jeskiv suggested didn't resolve issue for me.
I changed line 24 of /third_party/kcfinder/conf/config.php from:
'disabled' => true,
to
'disabled' => false,
And this resolved the issue. But I think this opens a security hole, so I'm not keen to do that.
I'm using most recent LS release as of Sept 6, 2017.
I changed line 24 of /third_party/kcfinder/conf/config.php from:
'disabled' => true,
to
'disabled' => false,
And this resolved the issue. But I think this opens a security hole, so I'm not keen to do that.
I'm using most recent LS release as of Sept 6, 2017.
Last edit: 6 years 7 months ago by blocka.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
6 years 7 months ago #158387
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Folder permissions for uploading images into surveys
This setings allow anyone to upload files with just the link to kcfinder.
It's set to enable according to session. I think the default session didn't have the same behaviour the LimeSUrvey.
Can you test with DBsession ?
It's set to enable according to session. I think the default session didn't have the same behaviour the LimeSUrvey.
Can you test with DBsession ?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- blocka
- Offline
- Platinum Member
Less
More
- Posts: 409
- Thank you received: 34
6 years 7 months ago #158402
by blocka
Replied by blocka on topic Folder permissions for uploading images into surveys
Hi Denis, I found the steps to recreate the problem, and posted to issue:
bugs.limesurvey.org/view.php?id=12279#c44400
Appears to be a repeatable bug.
bugs.limesurvey.org/view.php?id=12279#c44400
Appears to be a repeatable bug.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
6 years 7 months ago #158404
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Folder permissions for uploading images into surveys
Great catch \o/ we set session in some admin page but not in the helper (maybe/surely/who knows)
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.