getID3() support forums

[guidots]

In my environment (Debian Lenny, Lighttpd 1.4.19, FastCGI, PHP 5.2.6, getID3 1.8.2) I have set up different tmp dirs for every user but sys_get_temp_dir() allways returns /tmp which is not available due to open_basedir.

tempnam() [<a href='function.tempnam'>function.tempnam</a>]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s) in write.id3v2.php on line 89.

According to a comment in the php-manual Apache virtualhosts have the same problem.

I changed line 89 to

Code: Select all

if ($tempfilename = tempnam(sys_get_temp_dir(), 'getID3')) {


and got rid of the problem.

As there are more problems with sys_get_temp_dir() (have a look at the other comments in the manual) it might be better to avoid using it.

[James Heinrich]

Perhaps you can clarify -- you seem to raise a valid point, but say you got rid of the problem that sys_get_temp_dir() returns the wrong thing by using sys_get_temp_dir() ? That doesn't seem to make sense. Can you explain more, please?

In your environment, how would you suggest to get the correct temp folder name?

[guidots]

Oh crab, posted the wrong code. I meant:

Code: Select all

if ($tempfilename = tempnam(ini_get('upload_tmp_dir'), 'getID3')) {

[James Heinrich]

Would something like this work for you? It checks first ini_get('upload_tmp_dir'), if that doesn't get anything it checks sys_get_temp_dir() (if available). It then compares the value of either of these against open_basedir restrictions. If the above fails to get a usable temp dir it falls back to the force-PHP-to-use-something invalid-directory trick of specifying '*'. If your system config is unusual and the above detection doesn't work, there's a line to override the detected setting. Then, of course, all calls to tempnam() are fed GETID3_TEMP_DIR.

Code: Select all

// attempt to define temp dir as something flexible but reliable
$temp_dir = ini_get('upload_tmp_dir');
if ($temp_dir && (!is_dir($temp_dir) || !is_readable($temp_dir))) {
   $temp_dir = '';
}
if (!$temp_dir && function_exists('sys_get_temp_dir')) {
   // PHP v5.2.1+
   // sys_get_temp_dir() may give inaccessible temp dir, e.g. with open_basedir on virtual hosts
   $temp_dir = sys_get_temp_dir();
}
$temp_dir = realpath($temp_dir);
$open_basedir = ini_get('open_basedir');
if ($open_basedir) {
   // e.g. "/var/www/vhosts/getid3.org/httpdocs/:/tmp/"
   $temp_dir     = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $temp_dir);
   $open_basedir = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $open_basedir);
   if (substr($temp_dir, -1, 1) != DIRECTORY_SEPARATOR) {
      $temp_dir .= DIRECTORY_SEPARATOR;
   }
   $found_valid_tempdir = false;
   $open_basedirs = explode(':', $open_basedir);
   foreach ($open_basedirs as $basedir) {
      if (substr($basedir, -1, 1) != DIRECTORY_SEPARATOR) {
         $basedir .= DIRECTORY_SEPARATOR;
      }
      if (preg_match('#^'.preg_quote($basedir).'#', $temp_dir)) {
         $found_valid_tempdir = true;
         break;
      }
   }
   if (!$found_valid_tempdir) {
      $temp_dir = '';
   }
   unset($open_basedirs, $found_valid_tempdir, $basedir);
}
if (!$temp_dir) {
   $temp_dir = '*'; // invalid directory name should force tempnam() to use system default temp dir
}
// $temp_dir = '/something/else/';  // feel free to override temp dir here if it works better for your system
define('GETID3_TEMP_DIR', $temp_dir);
unset($open_basedir, $temp_dir);

Comments and suggestions welcome. Lacking any negative feedback, this will be included in v1.8.3 (and something similar in v2.0.0b7)