Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.9.4

Bug #9511 Shared /tmp dir assumed
Submitted: 2006-11-30 15:51 UTC
From: warrenklint at gmail dot com Assigned: dufuz
Status: Closed Package: Spreadsheet_Excel_Writer (version 0.9.1)
PHP Version: 5.1.2 OS: Ubuntu Dapper LTS
Roadmaps: (Not assigned)    
Subscription  


 [2006-11-30 15:51 UTC] warrenklint at gmail dot com (Warren Klint)
Description: ------------ We use open_basedir to prevent users accidentally sharing cookies and temporary files between websites. Each site has their own temporary dir nearer their docroot. This works really well, apart from with Spreadsheet_Excel_Writer. The problem is here: function _initialize() { // Open tmp file for storing Worksheet data $fh = tmpfile(); if ($fh) { // Store filehandle $this->_filehandle = $fh; } else { // If tmpfile() fails store data in memory $this->_using_tmpfile = false; } } There are two problems. The default value for _using_tmpfile, at the beginning of the class, is ignored. The value will always be true. Allowing a check for the method _using_tmpfile first would solve this: function _initialize() { if ($this->_using_tmpfile == false) { return; } // Open tmp file for storing Worksheet data $fh = tmpfile(); if ($fh) { // Store filehandle $this->_filehandle = $fh; } else { // If tmpfile() fails store data in memory $this->_using_tmpfile = false; } } The second problem is specific to sites which use a shared filesytem for thee data. Because tmpfile() will return something under "/tmp/", and "/tmp/" is disallowed by open_basedir, php kills the script before it gets a chance to work. Switching from tmpfile() to tempnam() fixes this. OLE/PPS/File.php also does this.

Comments

 [2007-08-15 23:56 UTC] dufuz (Helgi Þormar)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. I've added setTmpDir() in that class, now people can't use the class if they have open_basedir restriction on and don't provide a tmp dir that works for them, bummer is tho that it silently fails now if something goes wrong in that part of the code because it's initing in the constructor, might have to change that but that means a BC break and thus everyone would have to update their code :-/
 [2008-08-25 09:10 UTC] snyderp (Peter Snyder)
I still see this problem in latest CVS. When using the intro sample script (http://pear.php.net/manual/en/package.fileformats.spreadsheet-excel-writer.intro.php) I get a bunch of errors like the one below: Warning: fwrite(): supplied argument is not a valid stream resource in /Users/snyderp/Sites/ptest/Spreadsheet/Excel/Writer/Worksheet.php on line 1279 I believe the problem is that Spreadsheet_Excel_Writer_Worksheet::_using_tmpfile is not set to false when ini_get('open_basedir') returns false. I believe that the class should default to storing the results in memory instead of continuing to try and write to the tmp file. The following one-line patch to Spreadsheet/Excel/Writer/Worksheet.php solves the problem. (please excuse any mistakes in submitting this patch. Its a first attempt at a submission to PEAR) Index: Worksheet.php =================================================================== RCS file: /repository/pear/Spreadsheet_Excel_Writer/Spreadsheet/Excel/Writer/Worksheet.php,v retrieving revision 1.4 diff -u -r1.4 Worksheet.php --- Worksheet.php 16 Aug 2007 00:42:22 -0000 1.4 +++ Worksheet.php 25 Aug 2008 09:00:46 -0000 @@ -478,6 +478,7 @@ } if ($this->_tmp_dir === '' && ini_get('open_basedir') === false) { + $this->_using_tmpfile = false; //return new PEAR_Error('open_basedir restriction in effect, please use setTmpDir() for this to work'); return; }
 [2009-11-13 06:53 UTC] seanch (Sean Callan-Hinsvark)
This change introduced a bug where if open_basedir is disabled and you don't set the temporary directory manually it always fails with "supplied argument is not a valid stream resource" errors for the fread, fseek, and fwrite functions like Peter Snyder saw. The problem is the check for open_basedir in the Worksheet::_initialize method is wrong. If open_basedir is enabled then ini_get('open_basedir') will return true, not false. Here is a diff against revision 289242 showing how to fix the bug. --- Worksheet.php +++ Worksheet.php @@ -481,7 +481,7 @@ return; } - if ($this->_tmp_dir === '' && ini_get('open_basedir') === false) { + if ($this->_tmp_dir === '' && ini_get('open_basedir') === true) { //return new PEAR_Error('open_basedir restriction in effect, please use setTmpDir() for this to work'); return; }