i found this error on my opencar's log ( error.log )
2017-04-11 13:42:45 - PHP Warning: is_dir() expects parameter 1 to be
a valid path, string given in
/home/xxxx/domains/xxxx.com/public_html/system/modification/system/engine/action.php
on line 172017-04-11 13:42:45 - PHP Warning: is_file() expects
parameter 1 to be a valid path, string given in
/home/xxxx/domains/xxx.com/public_html/system/modification/system/engine/action.php
on line 27
I dont know how to prevent it, but when i see the code like this :
$file = DIR_APPLICATION . 'controller/' . str_replace(array('../', '..\\', '..'), '', $path) . '.php';
if (is_file($file)) {
$this->file = $file;
$this->class = 'Controller' . preg_replace('/[^a-zA-Z0-9]/', '', $path);
array_shift($parts);
break;
}
i feel someone inject the ftp path, so opencart return the error.
can someone tell me how to prevent it ???
Why are you calling a Controller like this? You are able to easily load in Controllers with the framework of OpenCart, this makes you able to load in contents of your website through custom controllers, this about a header or footer.
Example in a controller:
$data['header'] = $this->load->controller('common/header');
Above the $data variable is the variable whitch is send with setting the output (view). You are able to echo it in the view as '$header'.
Example of echoing:
<?=$header?>
Related
I have been trying to switch my web app from localhost to a school server but it's telling me it cannot find the path:
Warning: require_once(/util/tags.php): failed to open stream: No such
file or directory in
/home/xiaoant/public_html/database_pizza/pizza/util/main.php on line
17
Fatal error: require_once(): Failed opening required '/util/tags.php'
(include_path='///') in
/home/xiaoant/public_html/database_pizza/pizza/util/main.php on line
17
<?php
// Start session to store user and cart data
session_start();
// Get the document root
$doc_root = filter_input(INPUT_SERVER, 'DOCUMENT_ROOT', FILTER_SANITIZE_STRING);
// Get the application path
$uri = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_STRING);
$dirs = explode('/', $uri);
$app_path = '/' . $dirs[1] . '/' . $dirs[2] . '/';
// Set the include path
set_include_path($doc_root . $app_path);
// Get common code
require_once('/util/tags.php');
require_once('/model/database.php');
// Define some common functions
function display_db_error($error_message) {
global $app_path;
include 'errors/db_error.php';
exit;
}
function display_error($error_message) {
global $app_path;
include 'errors/error.php';
exit;
}
?>
If you're using window and hosted it on a linux server Please check you path if it contain upper case letters directory names in linux is case sensitive unlike windows
Also you could list all the files in directory to check
'''$files1 = scandir($dir);
print_r($files1);
'''
And see if it there
I'm using "google-api-php-client" library which is working fine on local system but it's giving following error on server as it's version is 5.2!
syntax error, unexpected T_FUNCTION, expecting ')'
So I have two questions here, if we can fix this error by doing some changes in code to make it work with this function? Below is the code of autoload.php
spl_autoload_register(
function ($className) {
$classPath = explode('_', $className);
if ($classPath[0] != 'Google') {
return;
}
// Drop 'Google', and maximum class file path depth in this project is 3.
$classPath = array_slice($classPath, 1, 2);
$filePath = dirname(__FILE__) . '/' . implode('/', $classPath) . '.php';
if (file_exists($filePath)) {
require_once($filePath);
}
}
);
but I'm not sure how to change the above to solve this issue and also is there any library which can run on php version 5.2? As if I use this, it might be possible that it start giving error on some other functionality. Thanks!
It seems your php version not knows about anonymous functions or closures. Try to use named one:
function autoloadGoogleApi($className) {
$classPath = explode('_', $className);
if ($classPath[0] != 'Google') {
return;
}
// Drop 'Google', and maximum class file path depth in this project is 3.
$classPath = array_slice($classPath, 1, 2);
$filePath = dirname(__FILE__) . '/' . implode('/', $classPath) . '.php';
if (file_exists($filePath)) {
require_once($filePath);
}
}
spl_autoload_register('autoloadGoogleApi');
Still, I'm also want to point out, that php version you specifying is very old, so I'm suggesting to really consider option of upgrading.
UPD: 3v4l test
I am trying to display CSV data to array or something as an output using Zend Framework 2
I have created "hello world" module and the controller calls works fine.
CSV File location is data/csv/Foo.csv
Below is my controller:
public function indexAction()
{
$filename = 'data/csv/Foo.csv';
$useFirstRecordAsHeader = true;
$delimiter = ',';
$enclosure = '"';
$escape = '\\';
$this->file = new SplFileObject($filename);
$this->file->setFlags(SplFileObject::READ_CSV | SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
$this->file->setCsvControl($delimiter, $enclosure, $escape);
$this->useFirstRecordAsHeader = $useFirstRecordAsHeader;
return $this;
}
But right now I am getting the error:
SplFileObject::__construct(csv/Foo.csv): failed to open stream: No
such file or directory
My CSV file is in the same folder controller/csv/Foo.csv
How to read a CSV file content and display as output array or any other format? I want to do it using Zend Framework 2 only.
You are trying to open $this->file = new SplFileObject('csv/Foo.csv');, since you are using a relative path, on execution time that wont resolve to the folder where your controller is at (it will probably resolve to [yourprojectroot]/csv/Foo.csv).
If you really wanted to store this csv in controller/csv, you should use something like:
$this->file = new SplFileObject(dirname(__FILE__) . '/csv/Foo.csv');
But, saving that csv there is bad for a several reasons. First you'd need to grant write permission to your webserver to be able to write in that directory, and you'd be fundamentally messing up with your data/code structure (data and code shouldn't reside together, but in easily separated silos).
Better, create a folder "data" and and another folder "csv" in your projects directory, give your webserver permission to write there (chmod || chown, other methods), and do something like:
$file = 'data'. DIRECTORY_SEPARATOR . 'csv' . DIRECTORY_SEPARATOR . 'Foo.csv' ;
$this->file = new SplFileObject($file );
Besides that, I'm not sure what you are returning actually makes sense. Try something like:
public function indexAction()
{
$filename = 'data' . DIRECTORY_SEPARATOR . 'csv' . DIRECTORY_SEPARATOR . 'Foo.csv';;
$this->file = new SplFileObject($filename);
$this->file->setFlags(SplFileObject::READ_CSV | SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
$this->file->setCsvControl(',', '""', '\\');
$this->useFirstRecordAsHeader = true;
$response = $this->getResponse();
$headers = $response->getHeaders();
$headers->addHeaderLine('Content-Type', 'text/csv');
$contents = $this->file->fread($this->file->getSize());
$response->setContent($contents);
return $response;
}
You should not put your csv directory in the Controller directory, as it is not a controller. It's against the MVC architecture. The good practise is to put data in the data directory, under your root directory, at the same level as your module directory.
So assuming you have it on this data directory, you can simply write:
$this->file = new SplFileObject('data/csv/Foo.csv');
or better (for portability):
$filename = 'data'. DIRECTORY_SEPARATOR . 'csv' . DIRECTORY_SEPARATOR . 'Foo.csv' ;
$this->file = new SplFileObject($filename );
I am getting following error, when I try to save data into db after file upload:
finfo_file(/tmp/phpqE6gyD): failed to open stream: No such file or directory
This is the code:
$userFolderPath = \Yii::getAlias('#webroot') . DIRECTORY_SEPARATOR . 'files' . DIRECTORY_SEPARATOR . \Yii::$app->user->getIdentity()->iduser;
$model = new CsFile();
$files = UploadedFile::getInstances($model, 'files');
$errors = [];
if (!file_exists($userFolderPath))
mkdir($userFolderPath, 0777, true);
foreach($files as $file):
$fileModel = new CsFile();
$fileModel->files = $file;
if($fileModel->validate()):
$filename = str_replace(' ', '_', $file->baseName);
if(file_exists($userFolderPath . DIRECTORY_SEPARATOR . $filename . "." . $file->extension)):
$filename .= "-" .uniqid();
endif;
$fileModel->files
->saveAs($userFolderPath .DIRECTORY_SEPARATOR. $filename . '.' . $fileModel->files->extension);
$fileModel->iduser = Yii::$app->user->getIdentity()->iduser;
$fileModel->name = $filename;
$fileModel->extension = $file->extension;
$fileModel->add_date = date('Y-m-d H:i:s');
$fileModel->save();
else:
endif;
endforeach;
var_dump('<pre>', $errors, '</pre>');
I had the same problem a few weeks ago. Turns out, when we rename the file before upload and try to save the model, this error will appear.
If that attribute it's only for handle your upload and have no field in your table, you can just unset this fields before saving: $files Model->files = null.
Let me know if your scenario is different than mine.
Yii2 use UploadFile class through function $model->upload() to save upload file
To fix this use inside your $model->upload function :
return copy($this->YourAttribute->tempName, $newFileName);
instead
return $model->attribute->saveAs($newFileName)
Clyff is right. But in case you are saving the path of the file in database to read later, setting the attribute to null is not going to work.
The problem is when you try to save the model still with result of UploadedFile::getInstance($model, 'file') in the file field which is already used by $model->file->saveAs();
$model->save() cannot save the path of the saved and already removed temporary files path directly.
So after successful $model->file->saveAs($path) you need to do something like:
$model->file = $path;
It was quite unclear to me and spent a bit of time after fileinfo , so hope the answer helps.
I was having same problem, I solved it with this:
$model->file->saveAs($filepath , false)
then...
$model->save(false)
Important: In the saveAs function pass false parameter.
Using false parameter in $model->save(false) that means you are ignoring model validation, which is not right.
But using false as a second parameter in $file->saveAs($path,false) means you are trying to keep the file in the temp folder after being uploaded and allow the model to access the file during validation when trying to save to the database.
If the model fails to access the file (i.e removed from the temp folder after being uploaded), you will getting an ERROR Fail to open a stream, No such file/folder
I am redirecting all page requests through a file called index.php which looks at the URL the visitor requested and sees if there is a template file to match.
For example, http://www.website.com/contact will actually route to the index.php script and should check to see if the file /var/html/template/contact.tpl exists and include it if it does.
My concern is with regards to security and null characters, extra dots and slashes, etc. Does any kind of filter need applying to the code below or is the use of pathinfo and the directory prefix enough? Obviously I don't want anyone to be able to maliciously include files outside of the designated template directory.
<?php
define ('TEMPLATES', '/var/html/templates');
$page = pathinfo ($_SERVER['REQUEST_URI'], PATHINFO_FILENAME);
if (file_exists (TEMPLATES . '/' . $page . '.tpl')) {
include (TEMPLATES . '/' . $page . '.tpl');
} else {
header ('HTTP/1.0 404 Not Found');
echo 'Sorry page not found';
}
?>
To be 100% safe, make a list of allowed pages and check that it's in that array before returning the page.
You could even try a php glob() e.g..
define ('TEMPLATES', '/var/html/templates/');
$page = TEMPLATES . pathinfo($_SERVER['REQUEST_URI'], PATHINFO_FILENAME) . '.tpl';
if (in_array($page, glob(TEMPLATES . '*.tpl'))) {
include ($page);
} else {
header ('HTTP/1.0 404 Not Found');
echo 'Sorry page not found';
}
This will validate that it's in that folder and that the extension is '.tpl'
Sorry - just edited to make glob() behaviour correct.