[LISE] PHP function … not allowed by security setting

Have a question or a suggestion about a 3rd party addon module or plugin?
Let us know here.
Locked
10010110
Translator
Translator
Posts: 200
Joined: Tue Jan 22, 2008 9:57 am

[LISE] PHP function … not allowed by security setting

Post by 10010110 »

I’m using LISE as a simple download manager and previously I’ve retrieved the size of files using this:

Code: Select all

{assign var="bytes" value=filesize("uploads/downloads/$filename")}
As of CMS version 2 (or Smarty 3) this isn’t possible anymore because of
PHP function 'filesize' not allowed by security setting
I’ve read about $config['permissive_smarty'] = 1; but that only makes the error disappear with the file size not being shown anymore either.

What’s the best way to get the file size within CMSMS/LISE?
User avatar
Rolf
Dev Team Member
Dev Team Member
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Location: The Netherlands
Contact:

Re: [LISE] PHP function … not allowed by security setting

Post by Rolf »

- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
10010110
Translator
Translator
Posts: 200
Joined: Tue Jan 22, 2008 9:57 am

Re: [LISE] PHP function … not allowed by security setting

Post by 10010110 »

Thanks Rolf, I also thought about something like this but neither did I get my nor your code to work.

I modified your code example like so in my UDT called “filesize”:

Code: Select all

// read parameters
$path = isset($params['path']) ? $params['path'] : '';

// check if file exists
if(file_exists($path))
{
  $filesize = filesize($path);
  // beautify filesize
  $suffix = "B"; // for Bytes
  if($filesize > 1024)
    {
      $filesize = $filesize / 1024;
      $suffix = "KB";
      if($filesize > 1024)
      {
        $filesize = $filesize / 1024;
        $suffix = "MB";
        if($filesize > 1024)
        {
          $filesize = $filesize / 1024;
          $suffix = "GB";
        }
      }
    }

  $filesize = sprintf("%.2f", $filesize);

  // edit this line, if you want a different representation of your link
  echo $filesize.$suffix;
}
else
{
  // this is shown if the file you try to link can't be found
  echo 'n.v.';
}
In the LISE template I’m doing this:

Code: Select all

{foreach $items as $item}
  		{$filename=$item->fielddefs.datei}
  		{assign var="file_path" value=$item->fielddefs.datei->GetImagePath(true)|cat:"/":$filename}
…
{filesize path=$file_path}

And despite the fact that the file is there and the path correctly points to it, the code in the UDT appears to return false for the file_exists() function.

I’m kind of at a loss.
User avatar
Rolf
Dev Team Member
Dev Team Member
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Location: The Netherlands
Contact:

Re: [LISE] PHP function … not allowed by security setting

Post by Rolf »

Untested:

Code: Select all

// read parameters
$path = isset($params['path']) ? $params['path'] : '';

  $filesize = filesize($path);
  // beautify filesize
  $suffix = "B"; // for Bytes
  if($filesize > 1024)
    {
      $filesize = $filesize / 1024;
      $suffix = "KB";
      if($filesize > 1024)
      {
        $filesize = $filesize / 1024;
        $suffix = "MB";
        if($filesize > 1024)
        {
          $filesize = $filesize / 1024;
          $suffix = "GB";
        }
      }
    }

  $filesize = sprintf("%.2f", $filesize);

  // edit this line, if you want a different representation of your link
  echo $filesize.$suffix;

Code: Select all

{foreach $items as $item}
   {if !empty($item->fielddefs.datei)}
        {$file_path = $item->fielddefs.datei->GetImagePath(true)|cat:"/":$filename=$item->fielddefs.datei}
        {filesize path=$file_path}
   {/if}
You say the path to the file is okay. But is it the server path to the file of the file url?
In my tutorial I use the URL, not a server path...
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
10010110
Translator
Translator
Posts: 200
Joined: Tue Jan 22, 2008 9:57 am

Re: [LISE] PHP function … not allowed by security setting

Post by 10010110 »

The output of {$item->fielddefs.datei->GetImagePath(true)} is “//lmr2.dev/uploads/downloads”. The output of {$filename=$item->fielddefs.datei} is the file name. I’m concatenating this in the $file_path variable, so the output of {$file_path} is “//lmr2.dev/uploads/downloads/RK_LMR-JJO.pdf”, for example; so it outputs the entire URL (without protocol, though). I also added “http:” manually before the URL but it didn’t change anything.

I tried your modified code (where you just removed the file_exists check, if I see this correctly) and it outputs “0.00B”.
User avatar
Rolf
Dev Team Member
Dev Team Member
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Location: The Netherlands
Contact:

Re: [LISE] PHP function … not allowed by security setting

Post by Rolf »

Than I haven't got a clue at the moment... Might be even a php/hosting setting or something?!

Even though I never updated this tutorial in years, it still works!!
A working example you can find on the page https://www.cmscanbesimple.org/blog/for ... stylesheet There is a download link for the FB template.

Working on PHP 7.0.20 and use CMSMS 2.2.1


PS you might wanna try the UDT without the LISE code/template in it. You can rule out causes... Just a file, the UDT in a regular page.
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
User avatar
PinkElephant
Forum Members
Forum Members
Posts: 169
Joined: Fri Feb 06, 2009 2:08 pm

Re: [LISE] PHP function … not allowed by security setting

Post by PinkElephant »

10010110 wrote:the output of {$file_path} is “//lmr2.dev/uploads/downloads/RK_LMR-JJO.pdf”, for example; so it outputs the entire URL (without protocol, though).
Just a thought but shouldn't that be a (relative) path...

Code: Select all

"uploads/downloads/RK_LMR-JJO.pdf"
.. rather than something that looks like a URL?
10010110
Translator
Translator
Posts: 200
Joined: Tue Jan 22, 2008 9:57 am

Re: [LISE] PHP function … not allowed by security setting

Post by 10010110 »

Ha, you’re right, PinkElephant. It turns out it has to be a relative path in the parameter. It must not be an absolute path (starting with a slash) or a full URL. Only a relative path is working.

Strange.
Locked

Return to “Modules/Add-Ons”