Print

[turtleboy]

When I try to upload files I gt the following errors returbed:
In the header:
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 1182
---------------------------------------

In the body
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497

Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497

Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497
---------------------------------------

The File is still uploaded though, and when I got tot the next page (naming and putting  description),
it returns this error in the header:
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 2387
---------------------------------------

The file upload and everything else is successful, I'm just thinking the program is trying to pull some information my server won't allow. Since my site is hosted by another company, I'm pretty sure I can't change anything server-side.. so is there anything I can edit in the upload.php safely to remove these ugly warnings?

[hyperion]

Your host has disabled getmypid, which is used to get the thread's process number from the server (as no two users can have the same process number at the same time).  This is combined with the time to create a unique identifying string for temporary files.

You can try substituting mt_rand(0, 32000) for getmypid.

The relevant code on 497 and 1182 will look like this:

Code: [Select]

        $unique_ID = substr(md5(microtime().getmypid()), 0, 8);

Change it to:

Code: [Select]

        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);

If you are using less than PHP 4.2, you will need to make it look like this:

Code: [Select]

        mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);

Please report if this is helpful to you. 

[turtleboy]

Ok I replaced the code on lines 497, 1182, and 2387 with what you suggested. And everything works fine now.

You might want to add that on lines 1182 and 2387 the code starts with '$seed' instead of '$unique_id'

Thanks for the help.

[Joachim Müller]

@Hyperion and devs: since many webhosts react on script kiddy attacks against PHP weaknesses with "hardened" policies we might encounter such issues more frequently in the future, so I suggest we might want to consider adding checking routines wether getmypid() has been disabled and use random numbers instead as a fall back.

GauGau

[Pim]

Hi Guys,

I have the same problems, but I am not a whizz kid, so I do not understand a thing in the offered solution. Is there a way to solve this?

Error message:

Warning: getmypid, dl, leak, chgrp() has been disabled for security reasons in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 1186


Warning: getmypid, dl, leak, chgrp() has been disabled for security reasons in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 501

Thanks very much!

Pim.

[Nibbler]

You need to download the copy of upload.php from your server, and use a simple text editor eg notepad to find and change

Code: [Select]

        $unique_ID = substr(md5(microtime().getmypid()), 0, 8);

to

Code: [Select]

        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);

then upload the changed file to your server, overwriting the old one.

[Pim]

Hmm I did this (easy - even for me!!), but it gave me more problems:

Warning: is_dir(): Stat failed for ./albums/edit/. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 432

Warning: filemtime(): Stat failed for ./albums/edit/. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 440

Warning: unlink(./albums/edit/.): Permission denied in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 453

Warning: is_dir(): Stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 432

Warning: filemtime(): Stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 440

Warning: unlink(./albums/edit/..): Permission denied in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 453

This appears when I go to Upload File.

[Nibbler]

That is an unrelated problem, please search the board.

[dragonfire]

i've got one anoying error...
i had 3 errors, i searched the forum, lost 2 errors, now i'm stuck with 1 annoying error

Code: [Select]

Warning: getmypid, dl, leak, listen, chown, chmod, chgrp, realpath, tmpfile, link, mb_send_mail() has been disabled for security reasons in /data/members/free/tripod/nl/l/a/u/laurenz/htdocs/upload.php on line 1183
i've searched everywhere...
i used this bit it didn't work for me...

if you say that i have to search the forum, i already did, so help me with searching plz then...

i beg you guys, i hope i can trust you people

[Casper]

Merged with the thread you quoted, although it did not work for you.
Please post problems on the correct board.

[dragonfire]

Merged with the thread you quoted, although it did not work for you.
Please post problems on the correct board.

yeah yeah, plz, just give me one answer!!!

[Casper]

If I had the answer I would have posted it.  But being frustrated is no excuse for being rude, or not posting in the correct place, where you are most likely to get the help you need in the first place.

[dragonfire]

If I had the answer I would have posted it. But being frustrated is no excuse for being rude, or not posting in the correct place, where you are most likely to get the help you need in the first place.

ok, srry that i was so mean, but i had hurry
i had to go to my guitar lesson...
sorry...i mean this...

but can you help me plz then?

[Tranz]

The problem was due to Tripod's settings. Try this:
http://forum.coppermine-gallery.net/index.php?topic=7289.0

If you still have problems, search the board for Tripod and you'll see the various issues with using Tripod.

[dragonfire]

The problem was due to Tripod's settings. Try this:
http://forum.coppermine-gallery.net/index.php?topic=7289.0

If you still have problems, search the board for Tripod and you'll see the various issues with using Tripod.

it won't work...i find to times that sort of text...do i have to change both?
can't you post an working version?
or is it the problem that i use version 1.3.0 and not 1.3.2???

help me!!!

[Tranz]

or is it the problem that i use version 1.3.0 and not 1.3.2???

It might help to use the latest version.

[Nibbler]

dragonfire: simply change the code in all occurences as described in upload.php and image_processor.php

Code: [Select]

substr(md5(microtime().getmypid()), 0, 8);becomes

Code: [Select]

substr(md5(uniqid("")), 0, 8);

[note: applied to dev branch.]

[laubert]

Hi,

I also found the line :
$seed = substr(md5(microtime().getmypid()), 0, ;
three times in upload.php.

Can I change the three :
substr(md5(microtime().getmypid()), 0,
by
substr(md5(microtime().mt_rand(0, 32000)), 0,

?



Oops, of course there are no smilies but number eight in the file
Thank you.

[Nibbler]

Yes, you can use any method you like to get a random string.