Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

php gd image path issue

Hello, I've had a head scratcher here.. so well using

$this->strOriginalImagePath = rawurldecode($strPath);

to pass to

$this->arrOriginalDetails = getimagesize($this->strOriginalImagePath);

which getimagesize() some timse it fails to find the path ... it's been hard to pin down but I think it's spaces and ' and things like that, which is why I was using rawurldecode().. but on the sites that have that issue this works just great...

$this->strOriginalImagePath = str_replace(" ", "%20", $strPath);

why would this be the case?  How can I insure that from site to site, server to server that this will work?

$strPath is a url atm... "/uploads/image/img.jpg"

Hope this is a simple fix...
Cheer
jeremy
0
jeremyBass26
Asked:
jeremyBass26
  • 5
  • 5
1 Solution
 
Hube02Commented:
If spaces and the like are what is causing the issue there is only one real way to fix it. I'm only assuming here, but I'd guess that on a *nix box that the %20 is taken as literal while on a Windows box the %20 is being converted, but that's just a guess.

What you need to do is modify your upload script so that all the special characters and spaces are removed. I don't allow anything but letters, numbers, underscores and dashes when uploading files. See code below.

On existing sites this probably means that you're going to need to alter all the file names and alter the information in your DB to remove any unwanted characters.


<?php
  
  $error = false;
  // strip off the file extension and store it
  // 12345678
  // 01234567
  // file.jpg
  $dot_pos = strrpos($file_name, '.')l
  $extension = substr($file_name, $dot_pos);
  $file_name = substr($file_name, 0, $dot_pos);
  
  // remove all unwanted charaters from start or end of file name
  $file_name = preg_replace('/(^[^-_0-9a-z]+|[^-_0-9a-z]+$)/i', '', $file_name);
  
  // replace any runs of unwanted characters in name with a -
  //        you could change this to an underscore
  $file_name = preg_replace('/[^-_0-9a-z]+/i', '-', $file_name);
  
  // make sure you have something left that is not a -
  if (preg_match('/[-_0-9a-z]/i', $file_name)) {
    // still some valid characters in there
    // append the file extension
    $file_name .= $extension;
  } else {
    // there were no valid characters in the input string
    // so whatever error you want here
    $error = true;
  }
  
  // move file or whatever you do with only if an error did not occure
  if (!$error) {
    // the rest of your code here
    
  }
  
?>

Open in new window

0
 
Hube02Commented:
Fixing Typos....

let me know if this helps at all.
<?php
  
  $error = false;
  // strip off the file extension and store it
  $dot_pos = strrpos($file_name, '.');
  $extension = substr($file_name, $dot_pos);
  $file_name = substr($file_name, 0, $dot_pos);
  
  // remove all unwanted charaters from start or end of file name
  $file_name = preg_replace('/(^[^-_0-9a-z]+|[^-_0-9a-z]+$)/i', '', $file_name);
  
  // replace any runs of unwanted characters in name with a -
  //        you could change this to an underscore
  $file_name = preg_replace('/[^-_0-9a-z]+/i', '-', $file_name);
  
  // make sure you have something left that is not a -
  if (preg_match('/[-_0-9a-z]/i', $file_name)) {
    // still some valid characters in there
    // append the file extension
    $file_name .= $extension;
  } else {
    // there were no valid characters in the input string
    // so whatever error you want here
    $error = true;
  }
  
  // move file or whatever you do with only if an error did not occure
  if (!$error) {
    // the rest of your code here
    
  }
  
?>

Open in new window

0
 
jeremyBass26Author Commented:
Sorry no no... the file is on the server already... the script I wrote just need to grab the file... that path is what is throwing the error.. I can't change the upload part, so trying to fix the file name before hand is a no go.. I just have to work with it and that is what needs to have the solution..

Thank you
Cheers
Jeremy
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
Hube02Commented:
Is it spaces in particular? or are there other characters that are causing the issue as well? On what type of platform/server does the issue appear. There are basically 3 choices
1) *nix/Apache
2) Windows/IIS
3) Window/Apache

is it a Windows/*nix issue of an IIS/Apache issue, or a combination.

What do the actual file names look like that are causing the problem, are they the same on the servers that don't case the problem and the server that does?

In the end you will probably need to right a function to determine what the OS/Server configuration is and then alter the path based on the results of that function, but it would be better to just worry about the one that is configuration that is causing the problem.
0
 
Hube02Commented:
Another question, why can't you alter the upload script. fixing the problem after the fact is just putting a band aide on a gaping wound. If at all possible you should investigate fixing the cause of you will continue to have problems in the future as users find more ways to f things up.

Anyway, answer my questions and I'll see what I can do.
0
 
jeremyBass26Author Commented:
Well the solution needs to be platform independent... it could be Windows/IIS+php for all I know.. this is a module of a larger app, and that is way I have not control over how the images got on the server.. I just need to work with the image that is on the server...

some have reported it with just spaces... I tested it here  

http://www.digitalbarn.tv/testpage.html

which uses $this->strOriginalImagePath = rawurldecode($strPath);

but on the same server the on the same server as

http://www.visitnorthcentralidaho.org/

I have to use $this->strOriginalImagePath = str_replace(" ", "%20", $strPath); as running it thru rawurldecode() the getimagesize() errors out.. can't fine it...

Now you'll see that in the first one the very last image at the button in the space test it good..

I'mm just not sure.. Thank you Jeremy


0
 
jeremyBass26Author Commented:
ok... I think I solved it but useing the file path.. I forced that .. now http:// what have you is changed to the file path and I bit that will work cross system... I bet.. -Jeremy
0
 
jeremyBass26Author Commented:
would you agree that should fix all the issues?
0
 
Hube02Commented:
I'm not sure what you are saying, sorry. Do you mean the you are using an http:// address to retrieve images? If this is the case it will probably work because the server get the request a different way and then decodes the url string if necessary, however, some servers may still have a problem with this.

What I had in mind would be platform independent, in a way.... you would check to see what the server configuration is and if it is one of the ones that cause a problem then fix the path data.

What you suggest may not be platform independent, there is a php.ini setting that if not "ON" will not allow you to open files in this manner. So, while it may fix the problem you'll then need need to fix it when it breaks again. Then you'll need to check the INI setting and see if remote file open is on and only do it this way if it is, otherwise it will still be broken.

You could use CURL to open the file, and this will work on any server. Unfortunately I don't know anything about CURL (http://us.php.net/manual/en/book.curl.php)

Maybe I'm a stickler, but, if these are modules in a larger system then the module that does the uploading is broken. If this upload module does not do a simple thing like check for valid characters in uploaded files name then I would not trust it. Does it check for malicious files? As I've said, and will continue to say, the only real way to fix this is to fix the source of the problem and not try to deal with the errors that it creates after the fact.
0
 
jeremyBass26Author Commented:
it'd be idea if I could fix the other parts, but this is just about the path and I got it to work.. Cheers
Jeremy
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now