Code with chmod was probably not touched ever.

Code with chmod was probably not touched ever.

Ok, but i just made an account and posted some images, and they are all 755. Mystery?

Right now i'm changing all posted images to 644 via ftp, thanks god i can mass change them.

Uploading Avatars is ok, files=644  !!

 

We have an old Osclass site, not upgraded to Osclasspoint release, same server, same plan, and all uploads are correct with 644.

Checked all osclasspoint sites i upgraded the last 3 months (or so), two different servers/hosting companies and all NEW ads with images are with 755.

So something is happening in there.

There is some code for all that here. Could in there be an issue?

Indeed all uploads are show as 755. Good catch.

Edit: actually not all. Some are 755 for some reason (=uploads after Osclasspoint update) and others correctly 644 (probably old uploads before Osclasspoint release)

This folder contains images that the user has uploaded, shouldn't he have access to them, for example if the user wants to delete his post?

We have an old Osclass site, not upgraded to Osclasspoint release, same server, same plan, and all uploads are correct with 644.

Checked all osclasspoint sites i upgraded the last 3 months (or so), two different servers/hosting companies and all NEW ads with images are with 755.

So something is happening in there.

It really depends, i.e. upgrade funcionality will run this permission set as well. As mentioned before, this piece of code is unchanged, there was no reason to touch permissions.

Quote from: dsf on February 15, 2023, 04:49:28 PM

Indeed all uploads are show as 755. Good catch.

Edit: actually not all. Some are 755 for some reason (=uploads after Osclasspoint update) and others correctly 644 (probably old uploads before Osclasspoint release)

This folder contains images that the user has uploaded, shouldn't he have access to them, for example if the user wants to delete his post?

The user doesnt' delete anything, Osclass does. 644 for files and 755 for folders is what is correct. Always has been, in Osclass and Wordpress and everywhere as default.

See what i mean:

It really depends, i.e. upgrade funcionality will run this permission set as well. As mentioned before, this piece of code is unchanged, there was no reason to touch permissions.

Well for some reason that doesn't happen. Every image upload has 755 and that is wrong. And i'm not talking for any upgrade, i see that i  all new images after Osclasspoint date was installed. So definitely something is changed.

If you write a new ad and a photo, on your demo public site, the permission is 644?

Yes, this helped. Osclass now creates 644 in uploads:

Code: [Select]

# ls -al /var/www/html/osclass/oc-content/uploads/0/23*
-rw-r--r-- 1 www-data www-data 2865525 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_original.png
-rw-r--r-- 1 www-data www-data  619644 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23.png
-rw-r--r-- 1 www-data www-data  347548 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_preview.png
-rw-r--r-- 1 www-data www-data  105179 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_thumbnail.png

Quote

filePermission you can try 0644, but not sure how it impacts PHP files

PHP/JS/IMAGE files shouldn't be exec.

I haven't testet the market yet. Should it be the same for it, or something else should be changed?

Guys ALL FILES (no matter what they are) should/must be 644. We have been working Wordpress for years with that, no issues, it is published all over the internet.

What about files in plugins/themes dirs? Do you have all of them set as execs too?

Imagemagick write file in way:
      $this->im->writeImage($imagePath);

GD library:
          imagepng($this->im, $imagePath, 0);
          imagejpeg($this->im, $imagePath);

Imagemagick write file in way:

Code: [Select]

      $this->im->writeImage($imagePath);

GD library:

Code: [Select]

          imagepng($this->im, $imagePath, 0);
          imagejpeg($this->im, $imagePath);

GD or Imagik, same 755 for images, if this is what you mean.

Yes, but do not see option to change it, so only option would be to set chmod on each after it is created