CMS Made Simple Forums
https://forum.cmsmadesimple.org/

PHP function 'file_get_contents' not allowed by security set
https://forum.cmsmadesimple.org/viewtopic.php?f=82&t=73392
Page 1 of 1

Author:  rotezecke [ Wed Sep 02, 2015 4:47 am ]
Post subject:  PHP function 'file_get_contents' not allowed by security set

i just upgraded a 1.12.1 to 2.0 RC1 using phar installer.
main problem i'm having is Javascript doesnt load. i use rolf's little script:

http://www.cmscanbesimple.org/blog/easy ... s-and-code

when trying to get to the js url directly i get an oops smarty error.
PHP function 'file_get_contents' not allowed by security setting

i upgraded twice, the 1.12.1 doesnt have that problem, hence i think server configuration must be good enough

full trace:
Quote:
#0 /var/www/cmsms/lib/smarty/sysplugins/smarty_security.php(250): Smarty_Internal_TemplateCompilerBase->trigger_template_error('PHP function 'f...')
#1 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2060): Smarty_Security->isTrustedPhpFunction('file_get_conten...', Object(Smarty_Internal_SmartyTemplateCompiler))
#2 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2303): Smarty_Internal_Templateparser->yy_r154()
#3 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2398): Smarty_Internal_Templateparser->yy_reduce(154)
#4 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_smartytemplatecompiler.php(114): Smarty_Internal_Templateparser->doParse(11, '}')
#5 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templatecompilerbase.php(396): Smarty_Internal_SmartyTemplateCompiler->doCompile('{* when changin...', true)
#6 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(226): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(CMS_Smarty_Template))
#7 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(152): Smarty_Template_Compiled->compileTemplateSource(Object(CMS_Smarty_Template))
#8 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(199): Smarty_Template_Compiled->process(Object(CMS_Smarty_Template))
#9 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#10 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#11 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('content:content...', 'p473|content_en', '473content_en', NULL, false, false, false)
#12 [internal function]: Smarty_CMS->fetch('content:content...', '|content_en', '473content_en')
#13 /var/www/cmsms/lib/classes/internal/class.CMS_Smarty_Template.php(10): call_user_func_array(Array, Array)
#14 /var/www/cmsms/lib/classes/internal/class.CMS_Content_Block.php(277): CMS_Smarty_Template->fetch('content:content...', '|content_en', '473content_en')
#15 /var/www/cmsms/tmp/templates_c/cf354710773db5eee8b40ba3ba9c0b4a0ddf5f33_0.tpl_body.57.php(26): CMS_Content_Block::smarty_internal_fetch_contentblock(Array, Object(CMS_Smarty_Template))
#16 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(371): content_55e709beeeac09_64026506(Object(CMS_Smarty_Template))
#17 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(202): Smarty_Internal_Template->getRenderedTemplateCode()
#18 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#19 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#20 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('tpl_body:57', 'p473', NULL, NULL, false, false, false)
#21 /var/www/cmsms/index.php(168): Smarty_CMS->fetch('tpl_body:57')
#22 {main}


----------------------------------------------
Cms Version: 2.0-rc1
Installed Modules:
CMSMailer: 5.2.4
FileManager: 1.5
MenuManager: 1.50
ModuleManager: 2.0
News: 2.50
CGSmartImage: 1.20.2
Search: 1.50
TinyMCE: 2.9.12
CGSimpleSmarty: 1.9.1
CGExtensions: 1.49.7
CGBlog: 1.13.1
CGFeedback: 1.7.2
Captcha: 0.5.2
FormBuilder: 0.8.1.1
AdminSearch: 1.0
MicroTiny: 2.0
JQueryTools: 1.3.6
CMSContentManager: 1.0
DesignManager: 1.0
Navigator: 1.0

Config Information:
php_memory_limit:
max_upload_size: 2000000
url_rewriting: mod_rewrite
page_extension: .html
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: Australia/Sydney
permissive_smarty: false

Php Information:
phpversion: 5.4.44-1~dotdeb+7.1
md5_function: On (True)
json_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
test_file_timedifference:
test_db_timedifference:
memory_limit: 128M
max_execution_time: 30
output_buffering: 4096
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 2M
session_save_path: /var/lib/php5 (1733)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)

Performance Information:
allow_browser_cache: Off (False)
browser_cache_expiry: 0
php_opcache: Off (False)
smarty_cache: Off (False)
smarty_compilecheck: Off (False)
smarty_cache_udt: Off (False)
auto_clear_cache_age: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysql)
Server Db Version: 5.6.19
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No file system time difference found

----------------------------------------------

Author:  calguy1000 [ Wed Sep 02, 2015 6:24 am ]
Post subject:  Re: PHP function 'file_get_contents' not allowed by security

file_get_contents() cannot be used from within a smarty template in 2.0 as part of the security policy.

try {fetch}.

Author:  rotezecke [ Thu Sep 03, 2015 12:38 am ]
Post subject:  Re: PHP function 'file_get_contents' not allowed by security

thanks. now i get
Quote:
directory ... not allowed by security setting.

i dont know how/where to add directories (despite reading smarty manual on security)

so i tried (against recommendation)
Quote:
$config['permissive_smarty'] = 1;
but this didnt work for fetch. it allows file_get_contents again though.

this issue is probably outside the scope of beta testing but it'd be so much easier to not (also) have to deal with JS errors.

Author:  rotezecke [ Thu Sep 03, 2015 11:33 pm ]
Post subject:  Re: PHP function 'file_get_contents' not allowed by security

@Rolf
i added
Code:
$smarty = cmsms()->GetSmarty();
$smarty->AddTemplateDir('./uploads/js');
to your content_type UDT to make this work with {fetch} in 2.0

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/