PHP function 'file_get_contents' not allowed by security set

Report, and discuss CMSMS 2.0 Beta issues here. This forum is for beta testers, and module developers. Please don't use a beta release for production use.
Locked
User avatar
rotezecke
Power Poster
Power Poster
Posts: 411
Joined: Fri Apr 18, 2008 9:34 pm
Location: Nimbin, Australia

PHP function 'file_get_contents' not allowed by security set

Post by rotezecke »

i just upgraded a 1.12.1 to 2.0 RC1 using phar installer.
main problem i'm having is Javascript doesnt load. i use rolf's little script:

http://www.cmscanbesimple.org/blog/easy ... s-and-code

when trying to get to the js url directly i get an oops smarty error.
PHP function 'file_get_contents' not allowed by security setting

i upgraded twice, the 1.12.1 doesnt have that problem, hence i think server configuration must be good enough

full trace:
#0 /var/www/cmsms/lib/smarty/sysplugins/smarty_security.php(250): Smarty_Internal_TemplateCompilerBase->trigger_template_error('PHP function 'f...')
#1 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2060): Smarty_Security->isTrustedPhpFunction('file_get_conten...', Object(Smarty_Internal_SmartyTemplateCompiler))
#2 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2303): Smarty_Internal_Templateparser->yy_r154()
#3 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2398): Smarty_Internal_Templateparser->yy_reduce(154)
#4 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_smartytemplatecompiler.php(114): Smarty_Internal_Templateparser->doParse(11, '}')
#5 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templatecompilerbase.php(396): Smarty_Internal_SmartyTemplateCompiler->doCompile('{* when changin...', true)
#6 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(226): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(CMS_Smarty_Template))
#7 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(152): Smarty_Template_Compiled->compileTemplateSource(Object(CMS_Smarty_Template))
#8 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(199): Smarty_Template_Compiled->process(Object(CMS_Smarty_Template))
#9 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#10 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#11 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('content:content...', 'p473|content_en', '473content_en', NULL, false, false, false)
#12 [internal function]: Smarty_CMS->fetch('content:content...', '|content_en', '473content_en')
#13 /var/www/cmsms/lib/classes/internal/class.CMS_Smarty_Template.php(10): call_user_func_array(Array, Array)
#14 /var/www/cmsms/lib/classes/internal/class.CMS_Content_Block.php(277): CMS_Smarty_Template->fetch('content:content...', '|content_en', '473content_en')
#15 /var/www/cmsms/tmp/templates_c/cf354710773db5eee8b40ba3ba9c0b4a0ddf5f33_0.tpl_body.57.php(26): CMS_Content_Block::smarty_internal_fetch_contentblock(Array, Object(CMS_Smarty_Template))
#16 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(371): content_55e709beeeac09_64026506(Object(CMS_Smarty_Template))
#17 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(202): Smarty_Internal_Template->getRenderedTemplateCode()
#18 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#19 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#20 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('tpl_body:57', 'p473', NULL, NULL, false, false, false)
#21 /var/www/cmsms/index.php(168): Smarty_CMS->fetch('tpl_body:57')
#22 {main}
----------------------------------------------
Cms Version: 2.0-rc1
Installed Modules:
CMSMailer: 5.2.4
FileManager: 1.5
MenuManager: 1.50
ModuleManager: 2.0
News: 2.50
CGSmartImage: 1.20.2
Search: 1.50
TinyMCE: 2.9.12
CGSimpleSmarty: 1.9.1
CGExtensions: 1.49.7
CGBlog: 1.13.1
CGFeedback: 1.7.2
Captcha: 0.5.2
FormBuilder: 0.8.1.1
AdminSearch: 1.0
MicroTiny: 2.0
JQueryTools: 1.3.6
CMSContentManager: 1.0
DesignManager: 1.0
Navigator: 1.0

Config Information:
php_memory_limit:
max_upload_size: 2000000
url_rewriting: mod_rewrite
page_extension: .html
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: Australia/Sydney
permissive_smarty: false

Php Information:
phpversion: 5.4.44-1~dotdeb+7.1
md5_function: On (True)
json_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
test_file_timedifference:
test_db_timedifference:
memory_limit: 128M
max_execution_time: 30
output_buffering: 4096
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 2M
session_save_path: /var/lib/php5 (1733)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)

Performance Information:
allow_browser_cache: Off (False)
browser_cache_expiry: 0
php_opcache: Off (False)
smarty_cache: Off (False)
smarty_compilecheck: Off (False)
smarty_cache_udt: Off (False)
auto_clear_cache_age: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysql)
Server Db Version: 5.6.19
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No file system time difference found

----------------------------------------------
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Re: PHP function 'file_get_contents' not allowed by security

Post by calguy1000 »

file_get_contents() cannot be used from within a smarty template in 2.0 as part of the security policy.

try {fetch}.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
User avatar
rotezecke
Power Poster
Power Poster
Posts: 411
Joined: Fri Apr 18, 2008 9:34 pm
Location: Nimbin, Australia

Re: PHP function 'file_get_contents' not allowed by security

Post by rotezecke »

thanks. now i get
directory ... not allowed by security setting.
i dont know how/where to add directories (despite reading smarty manual on security)

so i tried (against recommendation)
$config['permissive_smarty'] = 1;
but this didnt work for fetch. it allows file_get_contents again though.

this issue is probably outside the scope of beta testing but it'd be so much easier to not (also) have to deal with JS errors.
User avatar
rotezecke
Power Poster
Power Poster
Posts: 411
Joined: Fri Apr 18, 2008 9:34 pm
Location: Nimbin, Australia

Re: PHP function 'file_get_contents' not allowed by security

Post by rotezecke »

@Rolf
i added

Code: Select all

$smarty = cmsms()->GetSmarty();
$smarty->AddTemplateDir('./uploads/js');
to your content_type UDT to make this work with {fetch} in 2.0
Locked

Return to “[locked] CMSMS 2.0 Beta”