Description:
Many servers show the following message when using the readfile function:
"readfile() has been disabled for security reasons"
breaking the script.
the readfile function is used in the following Virtuemart 1.1 scripts
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php
Symtoms:
Thumbnails don't show in store and Firefox's firebug reports many javascript errors. Other browsers report JS errors as well
VirtueMart Version: Virtuemart 1.1 1398 2008-05-11 03:10:40Z
Joomla/Mambo Version: Joomla 1.5 10241 2008-04-24
Steps to replicate:
THIS ONLY OCCURS IN Servers that have the readfile function disabled, which I found is not uncommon.
Proposed fix(es):
add a function to replace readfile()
function rpl_readfile($file){
$handle=@fopen($file,"r");
echo @fread($handle,filesize($file));
@fclose($handle);
}
and substitute all occurrences of readfile() for this function or equivalent code in these scripts:
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php
Bugtracker task #:
System info:
PHP Built on: Linux
Database Version: 5.0.22
Database Collation: utf8_general_ci
PHP Version: 5.1.6
Web Server: Apache/2.2.3 (Fedora)
Web Server to PHP interface: apache2handler
Joomla! Version: Joomla! 1.5.3 Production/Stable [ Vahi ] 22-April-2008 22:00 GMT
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Hi jcnegron (and everybody else :) ),
I am having the same problem of having a server with readfile showing up in the disable_function list of the php.ini .
I tried to work your proposed solution, but it didn't work for me. It ignored it entirly.
So, I'm thinking I'm probably missing something.
Where did append/stick the rpl_replace() function itself? did you paste it into each file, or did you put it into a single location that is "required" and included?
Any other pointers you can think of?
Thanks,
-Sup.
I'm using
CentOS 5.3 i386
PHP 5.2.10 (cli) (built: Jul 19 2009 17:01:32)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
mysql 5.0.83-community
Server version: Apache/2.2.11 (Unix)
Server built: Jul 19 2009 16:58:34
Joomla 1.5.8--> 1.5.12
If you get a error when calling the image directly in the browser like this:
--------------------------------------------------------------------------------
http://www.yourname.com/components/com_virtuemart/show_image_in_imgtag.php?filename=yourimage.jpg
--------------------------------------------------------------------------------
And get this error:
--------------------------------------------------------------------------------
<b>Warning</b>: readfile() has been disabled for security reasons in <b>/home/yoursite/public_html/components/com_virtuemart/show_image_in_imgtag.php</b> on line <b>155</b><br />
--------------------------------------------------------------------------------
You can ad the function to the named files above like this (just above the first readfile call):
---------------------------------
function rpl_readfile($file){
$handle=@fopen($file,"r");
echo @fread($handle,filesize($file));
@fclose($handle);
}
------------------------
and then change ALL the readfile cals in rpl_readfile like this:
-----------------------------
if( file_exists( $fileout ) ) {
/* We already have a resized image
* So send the file to the browser */
switch(strtolower($ext))
{
case ".gif":
header ("Content-type: image/gif");
rpl_readfile($fileout);
break;
case ".jpg":
header ("Content-type: image/jpeg");
rpl_readfile($fileout);
break;
case ".png":
header ("Content-type: image/png");
rpl_readfile($fileout);
break;
}
}
-------------------
If you do this in the other mentioned files: (for vm 1.1 don't know if there are more in 1.13)
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php
You can solve the problems not showing tumpnail images in browse pages and a lot of javascripts erros.... on other pages....