CAPTCHA images are being created with 600 permissions
How Do I?
Hello
I recently upgraded EE to 2.11.9. This is the most current version the server will support. But now the captchas no longer work.
Looking at the /images/captchas folder is has 777 permissions but all captchas images that get created are only 600. So the browser fails to load them with a 403 Forbidden error.
If I change the image file permission by hand to 644 the images load as expected.
How can I configure the EE captcha to set the file permissions on the created images to 644?
thank you, patrick
Hi Patrick,
I’d check the settings in system/expressionengine/config/constants.php for FILE_WRITE_MODE. The default is 0666 but it sounds like yours might be at 0600.
Hey Seth,
Thanks for responding to my question. I checked and unfortunately the constant appears to be defined correctly. Might there be another setting/config that I should check?
define(‘FILE_WRITE_MODE’, 0666);
Note: If I upload images in the CMS Admin. Those images are created with the 666 permissions. Not sure what the difference is between the two.
Do you have mod_security running on your web server? If so, check the SecUploadFileMode setting. The default for that value is 0600.
Hi Seth,
Sorry for the long delay. It took a few days for my hosting company to let me know. They said that mod_security is not enabled/running.
Can I have you create a file named imagetest.php in a folder with 777 permissions with the following code:
<?php
// Create a blank image and add some text
$im = imagecreatetruecolor(120, 20);
$text_color = imagecolorallocate($im, 233, 14, 91);
imagestring($im, 1, 5, 5, 'A Simple Text String', $text_color);
// Save the image as 'simpletext.jpg'
imagejpeg($im, 'simpletext.jpg');
// Free up memory
imagedestroy($im);Accessing that should reveal the issue.
I added the imagetest.php file. When I load it in the browser I get a http 500 internal server error. Are there dependencies I need to load?
Here is a link to the file. https://www.gohbe.com/images/captchas/imagetest.php
There are no dependencies to load. It runs standard PHP methods, so if that’s generating a 500 error then there’s something not right with your environment. I would have your web host look at the web server’s error log. It should contain the cause for the 500 error.
Thanks Seth, I’ll ask the web host if they can help me figure out what this error means.
[Thu Aug 24 14:42:56 2017] [error] [client 208.57.218.250] Premature end of script headers: /var/www/images/captchas/imagetest.php SoftException in Application.cpp:564: Directory “/var/www/images/captchas” is writeable by group
That error is because the host has setup the Apache install so it won’t run php code that is in a public folder. (777) Changing the directory to (755) allows the script to run. Running the script in a (775) directory now creates the image without any errors. The only problem is the new image simpletext.jpg is created with these permissions (600) which throws a 403 error.
https://www.gohbe.com/images/captchas/simpletext2.jpgIf I add this statement to your script after the image is created everything works as expected. The image is created and has the correct permissions to be view-able.
chmod(“./simpletext.jpg”, 0644);
https://www.gohbe.com/images/captchas/simpletext.jpgIt sounds like your server environment has a umask set which is causing all new files to be 0600. Most servers default to 0644 for their files. Can you have them check? I’d like to confirm my suspicions.
Hi Seth,
I asked the hosting support and they said it was an umask of 0022.
With this mask default directory permissions are 775 and default file permissions are 664.
Unfortunately, something is setting the permissions on the files to 0600. The only other common environmental factor would be suPHP, which has file permission configurations. Regardless, this is an environmental issue that your host should be able to solve for you. In the meantime you can add @chmod($img_path.$img_name, FILE_WRITE_MODE); to system/ee/legacy/helpers/captcha_helper.php around line 219, after the ImageJPEG(...) line. This should get things working in the short term while your host addresses the permission issue.
Hi Seth
Thanks for the work around. I did talk to the hosting company. We spent the last few days looking at this. They tell me there is no limitation from a hosting perspective that would impact PHP.
I was able to use the @chmod(…) statement you provided to resolve the issue. But I had to add it to the Functions.php to actually change the permissions of the captcha images. Adding it to captcha_helper.php had no effect. I also added the statement to all scripts that used the ImageJPEG(…) function.
Thanks for your help.
./systemhbe/codeigniter/system/helpers/captcha_helper.php ./systemhbe/expressionengine/libraries/Functions.php ./systemhbe/expressionengine/third_party/bridge/codeigniter/system/plugins/captcha_pi.php
I had similar problem thx for that answers guys they helped me a lot 😊 .