• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: PHP function 'file_get_contents' not allowed by security set
PostPosted: Wed Sep 02, 2015 4:47 am 
Offline
Power Poster
Power Poster
User avatar

Joined: Fri Apr 18, 2008 9:34 pm
Posts: 319
Location: Nimbin, Australia
i just upgraded a 1.12.1 to 2.0 RC1 using phar installer.
main problem i'm having is Javascript doesnt load. i use rolf's little script:

http://www.cmscanbesimple.org/blog/easy ... s-and-code

when trying to get to the js url directly i get an oops smarty error.
PHP function 'file_get_contents' not allowed by security setting

i upgraded twice, the 1.12.1 doesnt have that problem, hence i think server configuration must be good enough

full trace:
Quote:
#0 /var/www/cmsms/lib/smarty/sysplugins/smarty_security.php(250): Smarty_Internal_TemplateCompilerBase->trigger_template_error('PHP function 'f...')
#1 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2060): Smarty_Security->isTrustedPhpFunction('file_get_conten...', Object(Smarty_Internal_SmartyTemplateCompiler))
#2 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2303): Smarty_Internal_Templateparser->yy_r154()
#3 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templateparser.php(2398): Smarty_Internal_Templateparser->yy_reduce(154)
#4 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_smartytemplatecompiler.php(114): Smarty_Internal_Templateparser->doParse(11, '}')
#5 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_templatecompilerbase.php(396): Smarty_Internal_SmartyTemplateCompiler->doCompile('{* when changin...', true)
#6 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(226): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(CMS_Smarty_Template))
#7 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(152): Smarty_Template_Compiled->compileTemplateSource(Object(CMS_Smarty_Template))
#8 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(199): Smarty_Template_Compiled->process(Object(CMS_Smarty_Template))
#9 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#10 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#11 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('content:content...', 'p473|content_en', '473content_en', NULL, false, false, false)
#12 [internal function]: Smarty_CMS->fetch('content:content...', '|content_en', '473content_en')
#13 /var/www/cmsms/lib/classes/internal/class.CMS_Smarty_Template.php(10): call_user_func_array(Array, Array)
#14 /var/www/cmsms/lib/classes/internal/class.CMS_Content_Block.php(277): CMS_Smarty_Template->fetch('content:content...', '|content_en', '473content_en')
#15 /var/www/cmsms/tmp/templates_c/cf354710773db5eee8b40ba3ba9c0b4a0ddf5f33_0.tpl_body.57.php(26): CMS_Content_Block::smarty_internal_fetch_contentblock(Array, Object(CMS_Smarty_Template))
#16 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(371): content_55e709beeeac09_64026506(Object(CMS_Smarty_Template))
#17 /var/www/cmsms/lib/smarty/sysplugins/smarty_template_compiled.php(202): Smarty_Internal_Template->getRenderedTemplateCode()
#18 /var/www/cmsms/lib/smarty/sysplugins/smarty_internal_template.php(246): Smarty_Template_Compiled->render(Object(CMS_Smarty_Template))
#19 /var/www/cmsms/lib/smarty/Smarty.class.php(824): Smarty_Internal_Template->render(true, false, false)
#20 /var/www/cmsms/lib/classes/internal/class.Smarty_CMS.php(315): Smarty->fetch('tpl_body:57', 'p473', NULL, NULL, false, false, false)
#21 /var/www/cmsms/index.php(168): Smarty_CMS->fetch('tpl_body:57')
#22 {main}


----------------------------------------------
Cms Version: 2.0-rc1
Installed Modules:
CMSMailer: 5.2.4
FileManager: 1.5
MenuManager: 1.50
ModuleManager: 2.0
News: 2.50
CGSmartImage: 1.20.2
Search: 1.50
TinyMCE: 2.9.12
CGSimpleSmarty: 1.9.1
CGExtensions: 1.49.7
CGBlog: 1.13.1
CGFeedback: 1.7.2
Captcha: 0.5.2
FormBuilder: 0.8.1.1
AdminSearch: 1.0
MicroTiny: 2.0
JQueryTools: 1.3.6
CMSContentManager: 1.0
DesignManager: 1.0
Navigator: 1.0

Config Information:
php_memory_limit:
max_upload_size: 2000000
url_rewriting: mod_rewrite
page_extension: .html
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: Australia/Sydney
permissive_smarty: false

Php Information:
phpversion: 5.4.44-1~dotdeb+7.1
md5_function: On (True)
json_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
test_file_timedifference:
test_db_timedifference:
memory_limit: 128M
max_execution_time: 30
output_buffering: 4096
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 2M
session_save_path: /var/lib/php5 (1733)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)

Performance Information:
allow_browser_cache: Off (False)
browser_cache_expiry: 0
php_opcache: Off (False)
smarty_cache: Off (False)
smarty_compilecheck: Off (False)
smarty_cache_udt: Off (False)
auto_clear_cache_age: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysql)
Server Db Version: 5.6.19
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No file system time difference found

----------------------------------------------


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: PHP function 'file_get_contents' not allowed by security
PostPosted: Wed Sep 02, 2015 6:24 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7936
Location: Fernie British Columbia, Canada
file_get_contents() cannot be used from within a smarty template in 2.0 as part of the security policy.

try {fetch}.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: PHP function 'file_get_contents' not allowed by security
PostPosted: Thu Sep 03, 2015 12:38 am 
Offline
Power Poster
Power Poster
User avatar

Joined: Fri Apr 18, 2008 9:34 pm
Posts: 319
Location: Nimbin, Australia
thanks. now i get
Quote:
directory ... not allowed by security setting.

i dont know how/where to add directories (despite reading smarty manual on security)

so i tried (against recommendation)
Quote:
$config['permissive_smarty'] = 1;
but this didnt work for fetch. it allows file_get_contents again though.

this issue is probably outside the scope of beta testing but it'd be so much easier to not (also) have to deal with JS errors.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: PHP function 'file_get_contents' not allowed by security
PostPosted: Thu Sep 03, 2015 11:33 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Fri Apr 18, 2008 9:34 pm
Posts: 319
Location: Nimbin, Australia
@Rolf
i added
Code:
$smarty = cmsms()->GetSmarty();
$smarty->AddTemplateDir('./uploads/js');
to your content_type UDT to make this work with {fetch} in 2.0


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
HostPapa CMS Made Simple hosting