News:

Support the VirtueMart project and become a member

Main Menu

function readfile() produces Javascript errors in firebug

Started by jcnegron, May 15, 2008, 02:10:42 AM

Previous topic - Next topic

jcnegron

Description:

Many servers show the following message when using the readfile function:

"readfile() has been disabled for security reasons"

breaking the script.

the readfile function is used in the following Virtuemart 1.1 scripts
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php

Symtoms:
Thumbnails don't show in store and Firefox's firebug reports many javascript errors. Other browsers report JS errors as well 

VirtueMart Version: Virtuemart 1.1 1398 2008-05-11 03:10:40Z
Joomla/Mambo Version: Joomla 1.5 10241 2008-04-24

Steps to replicate:
THIS ONLY OCCURS IN Servers that have the readfile function disabled, which I found is not uncommon.

Proposed fix(es):

add a function to replace readfile()

function rpl_readfile($file){
    $handle=@fopen($file,"r");
    echo @fread($handle,filesize($file));
    @fclose($handle);
}


and substitute all occurrences of readfile() for this function or equivalent code in these scripts:
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php


Bugtracker task #:


System info:

PHP Built on:       Linux
Database Version:    5.0.22
Database Collation:    utf8_general_ci
PHP Version:    5.1.6
Web Server:    Apache/2.2.3 (Fedora)
Web Server to PHP interface:    apache2handler
Joomla! Version:    Joomla! 1.5.3 Production/Stable [ Vahi ] 22-April-2008 22:00 GMT
User Agent:    Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

SupermanInNY

Hi jcnegron (and everybody else :) ),

I am having the same problem of having a server with readfile showing up in the disable_function list of the php.ini .
I tried to work your proposed solution, but it didn't work for me. It ignored it entirly.
So, I'm thinking I'm probably missing something.

Where did append/stick the rpl_replace() function itself?  did you paste it into each file, or did you put it into a single location that is "required" and included?

Any other pointers you can think of?

Thanks,

-Sup.

I'm using
CentOS 5.3 i386
PHP 5.2.10 (cli) (built: Jul 19 2009 17:01:32)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
    with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
mysql 5.0.83-community
Server version: Apache/2.2.11 (Unix)
Server built:   Jul 19 2009 16:58:34
Joomla 1.5.8--> 1.5.12


floren

If you get a error when calling the image directly in the browser like this:

--------------------------------------------------------------------------------
http://www.yourname.com/components/com_virtuemart/show_image_in_imgtag.php?filename=yourimage.jpg

--------------------------------------------------------------------------------

And get this error:

--------------------------------------------------------------------------------
<b>Warning</b>:  readfile() has been disabled for security reasons in <b>/home/yoursite/public_html/components/com_virtuemart/show_image_in_imgtag.php</b> on line <b>155</b><br />

--------------------------------------------------------------------------------

You can ad the function to the named files above like this (just above the first readfile call):


---------------------------------
function rpl_readfile($file){
    $handle=@fopen($file,"r");
    echo @fread($handle,filesize($file));
    @fclose($handle);
}

------------------------

and then change ALL the readfile cals in rpl_readfile like this:


-----------------------------
if( file_exists( $fileout ) ) {
  /* We already have a resized image
  * So send the file to the browser */

     switch(strtolower($ext))
      {
         case ".gif":
            header ("Content-type: image/gif");
            rpl_readfile($fileout);
            break;
         case ".jpg":
            header ("Content-type: image/jpeg");
            rpl_readfile($fileout);
            break;
         case ".png":
            header ("Content-type: image/png");
            rpl_readfile($fileout);
            break;
      }
}


-------------------

If you do this in the other mentioned files: (for vm 1.1 don't know if there are more in 1.13)
/components/com_virtuemart/fetchscript.php
/components/com_virtuemart/show_image_in_imgtag.php
/administrator/components/com_virtuemart/classes/shipping/minixml/classes/doc.inc.php

You can solve the problems not showing tumpnail images in browse pages and a lot of javascripts erros.... on other pages....