CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

[LISE] PHP function … not allowed by security setting

https://forum.cmsmadesimple.org/viewtopic.php?t=76784

Page 1 of 1

[LISE] PHP function … not allowed by security setting

Posted: Fri Jun 23, 2017 11:18 am
by 10010110
I’m using LISE as a simple download manager and previously I’ve retrieved the size of files using this:

Code: Select all

{assign var="bytes" value=filesize("uploads/downloads/$filename")}
As of CMS version 2 (or Smarty 3) this isn’t possible anymore because of
PHP function 'filesize' not allowed by security setting
I’ve read about $config['permissive_smarty'] = 1; but that only makes the error disappear with the file size not being shown anymore either.

What’s the best way to get the file size within CMSMS/LISE?

Re: [LISE] PHP function … not allowed by security setting

Posted: Fri Jun 23, 2017 1:18 pm
by Rolf
Might help https://www.cmscanbesimple.org/blog/mak ... -to-a-file

Re: [LISE] PHP function … not allowed by security setting

Posted: Fri Jun 23, 2017 3:59 pm
by 10010110
Thanks Rolf, I also thought about something like this but neither did I get my nor your code to work.

I modified your code example like so in my UDT called “filesize”:

Code: Select all

// read parameters
$path = isset($params['path']) ? $params['path'] : '';

// check if file exists
if(file_exists($path))
{
  $filesize = filesize($path);
  // beautify filesize
  $suffix = "B"; // for Bytes
  if($filesize > 1024)
    {
      $filesize = $filesize / 1024;
      $suffix = "KB";
      if($filesize > 1024)
      {
        $filesize = $filesize / 1024;
        $suffix = "MB";
        if($filesize > 1024)
        {
          $filesize = $filesize / 1024;
          $suffix = "GB";
        }
      }
    }

  $filesize = sprintf("%.2f", $filesize);

  // edit this line, if you want a different representation of your link
  echo $filesize.$suffix;
}
else
{
  // this is shown if the file you try to link can't be found
  echo 'n.v.';
}
In the LISE template I’m doing this:

Code: Select all

{foreach $items as $item}
  		{$filename=$item->fielddefs.datei}
  		{assign var="file_path" value=$item->fielddefs.datei->GetImagePath(true)|cat:"/":$filename}
…
{filesize path=$file_path}

And despite the fact that the file is there and the path correctly points to it, the code in the UDT appears to return false for the file_exists() function.

I’m kind of at a loss.

Re: [LISE] PHP function … not allowed by security setting

Posted: Sat Jun 24, 2017 9:28 am
by Rolf
Untested:

Code: Select all

// read parameters
$path = isset($params['path']) ? $params['path'] : '';

  $filesize = filesize($path);
  // beautify filesize
  $suffix = "B"; // for Bytes
  if($filesize > 1024)
    {
      $filesize = $filesize / 1024;
      $suffix = "KB";
      if($filesize > 1024)
      {
        $filesize = $filesize / 1024;
        $suffix = "MB";
        if($filesize > 1024)
        {
          $filesize = $filesize / 1024;
          $suffix = "GB";
        }
      }
    }

  $filesize = sprintf("%.2f", $filesize);

  // edit this line, if you want a different representation of your link
  echo $filesize.$suffix;

Code: Select all

{foreach $items as $item}
   {if !empty($item->fielddefs.datei)}
        {$file_path = $item->fielddefs.datei->GetImagePath(true)|cat:"/":$filename=$item->fielddefs.datei}
        {filesize path=$file_path}
   {/if}
You say the path to the file is okay. But is it the server path to the file of the file url?
In my tutorial I use the URL, not a server path...

Re: [LISE] PHP function … not allowed by security setting

Posted: Sat Jun 24, 2017 9:56 am
by 10010110
The output of {$item->fielddefs.datei->GetImagePath(true)} is “//lmr2.dev/uploads/downloads”. The output of {$filename=$item->fielddefs.datei} is the file name. I’m concatenating this in the $file_path variable, so the output of {$file_path} is “//lmr2.dev/uploads/downloads/RK_LMR-JJO.pdf”, for example; so it outputs the entire URL (without protocol, though). I also added “http:” manually before the URL but it didn’t change anything.

I tried your modified code (where you just removed the file_exists check, if I see this correctly) and it outputs “0.00B”.

Re: [LISE] PHP function … not allowed by security setting

Posted: Sat Jun 24, 2017 10:11 am
by Rolf
Than I haven't got a clue at the moment... Might be even a php/hosting setting or something?!

Even though I never updated this tutorial in years, it still works!!
A working example you can find on the page https://www.cmscanbesimple.org/blog/for ... stylesheet There is a download link for the FB template.

Working on PHP 7.0.20 and use CMSMS 2.2.1


PS you might wanna try the UDT without the LISE code/template in it. You can rule out causes... Just a file, the UDT in a regular page.

Re: [LISE] PHP function … not allowed by security setting

Posted: Sat Jun 24, 2017 10:32 am
by PinkElephant
10010110 wrote:the output of {$file_path} is “//lmr2.dev/uploads/downloads/RK_LMR-JJO.pdf”, for example; so it outputs the entire URL (without protocol, though).
Just a thought but shouldn't that be a (relative) path...

Code: Select all

"uploads/downloads/RK_LMR-JJO.pdf"
.. rather than something that looks like a URL?

Re: [LISE] PHP function … not allowed by security setting

Posted: Wed Jun 28, 2017 1:50 pm
by 10010110
Ha, you’re right, PinkElephant. It turns out it has to be a relative path in the parameter. It must not be an absolute path (starting with a slash) or a full URL. Only a relative path is working.

Strange.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited