My website has a feature that uploads files and displays them. So there is a folder in the public directory that stores those files.
But the main problem is that after each upload, I have to manually change the privacy of that particular file, otherwise it gives me error 403 Forbidden.
Can anyone please tell me how to make it world readable automatically, without me manually updating it each time?
This is Linux - Fedora
p.s. Just a beginner
Using php command - chmod($target_path, 0644);
http://php.net/manual/en/function.chmod.php
Related
I am developing an open source application which should mount webdav share to local drive letter just like NETDRIVE and WEBDRIVE using node.js and electron-js, so in my application at present I am downloading all files from webdav share which takes a lot of time and not reliable for heavy data. Is there any other approach so that whenever user access a file, only that particular file should be fetched from webdav share, I’ve tried to display files meta data(dummy) structure in directory and kept that directory under file-watcher. So that when user tries to open a file then watcher should capture file open event to get which file was user trying to access, so that in background of application a service will triggered to fetch that particular file using file-path as reference, but none of them are unable to capture file open event. Is there any other approach to do so, correct me if I am in wrong direction.
Thank's
I think you want virtual file-system and recommend Dokan library.
Dokan is the start point of Windows virtual file-system application.
Open Source : Dokan (https://en.wikipedia.org/wiki/Dokan_Library)
Commercial: EldoS CBFS (https://www.eldos.com/cbfs)
Google, Naver use Dokan and NetDrive, RaiDrive(mine) use CBFS.
Bit of a loose question so if it gets marked down I'll remove it.. but..
I'm using Primefaces/Spring/Hibernate for Java server.
My application knows a load of file names I need to upload. Those files are on my local computer. Is it possible to tell the application the root directory of these files, for it to then setup uploads for each of these files without me needing to browse for each file individually?
I assume this is a browser security issue, i.e. the user needs to explicitly state which file the application is allowed to know about etc?
If not I'll have to do it in a local application but I was hoping there was a way a mass upload could be kicked off from the browser by just setting the local directory of the files.
I decided to use the Primefaces uploader, upload all the files in the directory and let the application sort them out once it has them on the server.
We have to fix some security vulnerability in our system, and one of the items is to: disable execution of uploaded scripts/exe's through file upload control.
We have excel upload facility. Lets say hypothetically hacker changes the .exe to .xls and uploads it (there are ways to block that, but ignore that for now). Also assume that
the upload folder is within pubilc directory from where the website is installed in IIS. OR
Someone can access that file by specifying a full path of file thru some api endpoint of which hacker is aware of
Now given that there is an exe or a script which is accessible to the hacker through above means, is it possible for hacker to run that script/exe in someway, so that it can cause harm to the server where the site is hosted?
I am not really security expert hence cant think ways how that can be possible? How a hacker can remotely run exe/script on server, given that they does not have any access to the server.
One of the things that you should definitely do is to remove IIS handlers permissions from running scripts, otherwise anybody can upload a ".asp" or a ".aspx" or any other script engine file and then execute it by requesting it. One simple way to test that is just create a "test.asp" file with "<%= Now() >" and if that returns you the date, then anybody can upload scripts and run them in your server.
The way to disable that in IIS 7+ would be to add a configuration file in a parent directory and edit the permission for handlers, for example assuming a child folder called "public" you can drop the following web.config to disable that:
<configuration>
<location path="public">
<system.webServer>
<handlers accessPolicy="Read" />
</system.webServer>
</location>
</configuration>
You can test then that it should no longer execute the file and instead block it. If you want to allow download of them, then you'll need to configure the static file handler (and request filtering) to handle everything instead, but make sure you do that for that folder only since you don't want people downloading your source code.
Running the script would require remote access to the server, either directly or by exploiting some bug in the website code (similar to SQL injection). The risk here is mostly in hosting malware, especially if you allow user uploads to be downloaded by other users. While getting malware onto a machine is not as simple as just renaming an executable to another file type (it still has to be run as an executable rather than an Excel spreadsheet, for instance, to be able to function), it is possible to embed malware in various types of files, such that the act of opening that file causes execution of the malware. In that sense, you really can't tell at a glance whether a file is malware or not. It could look like an Excel file even open up properly in Excel, but still wreck havoc. The only way to be safe is scan all user uploaded files with a good antimalware application.
As far as running something remotely goes, though, the access to the server required to run the script would provide a much better avenue for mischief that your upload form, anyways. So anyone who could manage that kind of access isn't going to be trying to exploit you through your upload form, and anyone who uploads something malicious without that access can't really do anything.
I have a owncloud server and the owncloud desktop client.What I want to do is to be able to delete things server wise and have it automatically delete from the pc. The problem is that the owncloud client displays a warning message of "Remove All Files"? with the choices of Remove all files or to keep files when the files are deleted from the server. Is there a way to not have the prompt come up and automatically remove all files?
In the version 2.2.3 (maybe earlier), you can change the configuration file to disable the prompt.
See the code where the prompt is invoked and the code showing the configuration file property.
If you edit (on Windows): c:\Users\myuser\AppData\Owncloud\owncloud.cfg and add the following, under the [General] section, you will no longer get the prompt.
promptDeleteAllFiles=false
The short answer: You cannot change this currently.
The long answer: The dialog was added as a safe-guard because there were cases where you could lose all your files unintentionally, e.g. if your admin re-created your account and left it empty. The client would assume the files had gone and would replicate this (it could not know better), so it would replicate the data removal locally. The code is still there today just to be safe.
If you are fearless, you can patch Folder::slotAboutToRemoveAllFiles(). Alternatively, you could open a bug report so we can solve this for everyone. What is your motivation to be able to do this without a prompt?
PS: The sources can be found on GitHub. URL and build instructions at http://doc.owncloud.org/desktop/1.5/building.html.
I have a script that processes the files that someone drops into ownCloud and it will then move them to the final storage place. However, this prompt stops the client from syncing until I manually log in to acknowledge it... I guess I will learn how to patch this.. Dropbox doesn't do this. Google Drive doesn't do this. But since I can't use cloud services (compliance issues), I have to use this solution until I can build a new secure upload means.
I'm having problems uploading and even viewing files in the File section of MODX Revolution 2.2.3-pl. When I try to upload a file, all I get is "Upload error". Nothing shows up in the Filesystem area, just a folder called Media that doesn't let me do anything. Any ideas of what might be going on?
As far as file system permissions go, all folders are set to 755 and all files are set to 644. I'm seeing this behavior logged in as admin/sudo. I just moved my installation of MODX from my local machine, where I believe it worked right, to a shared hosting environment, and that's where I'm seeing this issue.
There has been a recent update to 2.2.4-pl after reported problems with the file manager.
I'd recommend updating to 2.2.4-pl and check if the problem is still present.
Also it could be that your MOD system settings have Use Multibyte Extension enabled but PHP hasn’t been compiled with the –enable-mbstring option.
Hidden away in the MODx Media Browser is a failed response to a JSON request and an error message showing…
Fatal error: Call to undefined function mb_strtolower() in on line 168
If you can’t recompile PHP or just need to get your Media Browser working again, go to System Settings and set Multibyte Extension to No.
All the credit to [Max Mitchell's Post].1