Issue 1667 - Import digital objects broken (problem with ACL check)
54 views
Skip to first unread message
David at Artefactual
Nov 8, 2010, 4:49:51 PM11/8/10
to ICA-AtoM Users
Re-posted from comment by Alexandre Paes at:
http://code.google.com/p/qubit-toolkit/issues/detail?id=1667
Hi, we are working with a client of ours in some ica-atom installation
(v1.0.9 tarball from September). Is there any easy way to propagate
this fix (like a patch) for people not using svn to keep the
application updated? I've looked at the revision and it seems like
there was a major refactor in the code since we have installed v1.0.9
since there are many files in svn that are not present in my
installation.
Cheers,
Alexandre Paes
http://code.google.com/p/qubit-toolkit/issues/detail?id=1667
Hi, we are working with a client of ours in some ica-atom installation
(v1.0.9 tarball from September). Is there any easy way to propagate
this fix (like a patch) for people not using svn to keep the
application updated? I've looked at the revision and it seems like
there was a major refactor in the code since we have installed v1.0.9
since there are many files in svn that are not present in my
installation.
Cheers,
Alexandre Paes
David at Artefactual
Nov 8, 2010, 4:59:22 PM11/8/10
to ICA-AtoM Users
Hi Alexandre,
Our final fix for this issue doesn't require any changes to the
application code. In the end the issue was resolved by changing the
ini.session.use-only-cookies [1] directive in our php.ini file. The
default value of this directive was changed from "0" in PHP 5.2 to "1"
in PHP 5.3 [2] which broke our access control code for the digital
object import feature.
[1] => http://php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
[2] => http://ca3.php.net/manual/en/migration53.ini.php
Regards,
--
David Juhasz,
Software Engineer, Artefactual Systems Inc.
http://www.artefactual.com | P: +1.604.527.2056 | F: +1.604.521.2059
Our final fix for this issue doesn't require any changes to the
application code. In the end the issue was resolved by changing the
ini.session.use-only-cookies [1] directive in our php.ini file. The
default value of this directive was changed from "0" in PHP 5.2 to "1"
in PHP 5.3 [2] which broke our access control code for the digital
object import feature.
[1] => http://php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
[2] => http://ca3.php.net/manual/en/migration53.ini.php
Regards,
--
David Juhasz,
Software Engineer, Artefactual Systems Inc.
http://www.artefactual.com | P: +1.604.527.2056 | F: +1.604.521.2059
alx....@gmail.com
Nov 8, 2010, 5:42:16 PM11/8/10
to ICA-AtoM Users
Hi David,
Thank you for your reply but i guess there must be something with my
installation because i have changed that setting in php.ini
(session.use_only_cookies = 0) and calling phpinfo() shows this
setting as Off. Nevertheless i can't seem to upload video files i even
tried changing my uploads/tmp dir permission to 777 thinking that
might be the cause of the problem but for some reason this doesn't
seem to do it for me. Can you point me to the php code that is called
by the uploader swf file so that i can investigate this further?
Cheers,
Alex Paes
Thank you for your reply but i guess there must be something with my
installation because i have changed that setting in php.ini
(session.use_only_cookies = 0) and calling phpinfo() shows this
setting as Off. Nevertheless i can't seem to upload video files i even
tried changing my uploads/tmp dir permission to 777 thinking that
might be the cause of the problem but for some reason this doesn't
seem to do it for me. Can you point me to the php code that is called
by the uploader swf file so that i can investigate this further?
Cheers,
Alex Paes
David Juhasz
Nov 8, 2010, 6:30:19 PM11/8/10
to ica-ato...@googlegroups.com
The session.use_only_cookies setting must be "off" for the digital
object import to work, so you are doing the right thing there. I'm
sorry to hear that your still having problems with though. :(
What happens when you try to upload video files? Does the "Link digital
object" function work with the same video files?
The PHP code for uploading files which is called by the swf uploader is
here:
apps/qubit/modules/digitalobject/actions/uploadAction.class.php
Hope that helps!
alx....@gmail.com
Nov 8, 2010, 6:45:14 PM11/8/10
to ICA-AtoM Users
Hi again David,
I just tried the 'Link Digital Object' way and although i still can't
get the system to create a reference representation for my video (even
after installing ffmpeg library) at least it does import the file and
creates the required association.
I've been looking the uploadAction.class.php but now I'm facing a
dilemma, how the heck can i debug what's going wrong with this code?
For some reason in firebug i can't seem to locate the http request
(i'm guessing it's because it is made directly from within flash or
something). Is there an easy way to get some debug output from this
code to be passed to the Javascript calling the upload?
Cheers,
Alex Paes
I just tried the 'Link Digital Object' way and although i still can't
get the system to create a reference representation for my video (even
after installing ffmpeg library) at least it does import the file and
creates the required association.
I've been looking the uploadAction.class.php but now I'm facing a
dilemma, how the heck can i debug what's going wrong with this code?
For some reason in firebug i can't seem to locate the http request
(i'm guessing it's because it is made directly from within flash or
something). Is there an easy way to get some debug output from this
code to be passed to the Javascript calling the upload?
Cheers,
Alex Paes
alx....@gmail.com
Nov 8, 2010, 6:57:08 PM11/8/10
to ICA-AtoM Users
Just a minor update...
I've managed to hack several files to enable logging in the YUI
Uploader and the console log shows the file upload percentage
increasing but when it gets to 100% it prints the following error:
global: IO error for file0. Likely causes are problems with Internet
connection or server misconfiguration.
I have also hacked multiupload.js to have it alert the event.status
property of the event passed to the onUploadError js handler and it
shows me a 401 status code which is coeherent with the result one
would get from and ACL check failure right?
Cheers,
Alex Paes
I've managed to hack several files to enable logging in the YUI
Uploader and the console log shows the file upload percentage
increasing but when it gets to 100% it prints the following error:
global: IO error for file0. Likely causes are problems with Internet
connection or server misconfiguration.
I have also hacked multiupload.js to have it alert the event.status
property of the event passed to the onUploadError js handler and it
shows me a 401 status code which is coeherent with the result one
would get from and ACL check failure right?
Cheers,
Alex Paes
David Juhasz
Nov 8, 2010, 7:14:21 PM11/8/10
to ica-ato...@googlegroups.com
Good work on getting the YUI debugger working Alex - you've got some
javascript skills. ;)
I'd be really surprised if the ACL check is throwing a 401 error, I
haven't explicitly set the WWW-Authenticate header anywhere, but maybe
symfony or PHP is magically setting this header somewhere? One thing
too check for is that the YUI uploader AJAX request is passing a
"symfony" parameter with the session id to the upload page; If the
session id is missing then the ACL check will definitely fail.
I'm curious why the standard (non-flash) upload isn't working properly;
I would try and solve the non-flash problem first and see if that fixes
the flash uploader. A good place to start is
lib/model/QubitDigitalObject.php, Line 1661:
$command = 'ffmpeg -y -i '.$originalPath.' '.$newPath.' 2>&1';
If you echo that string, you can run it on the command line and see if
ffmpeg itself is throwing any errors.
Cheers,
alx....@gmail.com
Nov 8, 2010, 7:34:52 PM11/8/10
to ICA-AtoM Users
Hi David,
I feel really dumb atm, after much googling around YUI Uploader error
#2038 (which seems to be the current error from within flash) i've
found the problem... a parent directory was password-protected (doh),
after working around this issue with some .htaccess directives the
upload is now half-working. Now what does this means, it means it does
upload the file (it now lies withing uploads/tmp directory) but the
Uploader fails to load the thumbnail and firebug console now shows:
global:
{"name":"niceday.wmv","tmpName":"TMP1969279d.wmv","md5sum":"07cf468bde350da2090be4667f287f46","thumb":"THB1969279d.jpg","size":"1006.7
KiB","canThumbnail":true,"warning":"File niceday.wmv could not be
thumbnailed"}
If I then bail out from this screen (back to the archival description)
there is no digital object associated with it. I assume this might be
related with the ffmpeg issue... Will now try the suggested command
line and will post back the results.
Cheers,
Alex Paes
I feel really dumb atm, after much googling around YUI Uploader error
#2038 (which seems to be the current error from within flash) i've
found the problem... a parent directory was password-protected (doh),
after working around this issue with some .htaccess directives the
upload is now half-working. Now what does this means, it means it does
upload the file (it now lies withing uploads/tmp directory) but the
Uploader fails to load the thumbnail and firebug console now shows:
global:
{"name":"niceday.wmv","tmpName":"TMP1969279d.wmv","md5sum":"07cf468bde350da2090be4667f287f46","thumb":"THB1969279d.jpg","size":"1006.7
KiB","canThumbnail":true,"warning":"File niceday.wmv could not be
thumbnailed"}
If I then bail out from this screen (back to the archival description)
there is no digital object associated with it. I assume this might be
related with the ffmpeg issue... Will now try the suggested command
line and will post back the results.
Cheers,
Alex Paes
alx....@gmail.com
Nov 8, 2010, 8:19:53 PM11/8/10
to ICA-AtoM Users
Hi David,
As suspected this last problem with the import was being caused by the
system not finding ffmpeg. Everytime i tried running ffmpeg it simply
would return 'sh: ffmpeg not found' while running ffmpeg from the
command line would work ok, trying the exec() with the full ffmpeg
binary path it worked, guess this comes from my php running with suPHP
or something. So here's my hack to make this work easily without
having to mess around much with my Apache configuration, added the
following function definition:
protected static function ffmpeg($argString)
{
return '/usr/local/bin/ffmpeg ' . $argString;
}
Where '/usr/loca/bin/' is the path to my ffmpeg binary, and then
replaced all the occurrences of 'ffmpeg' commands by a call to
self::ffmpeg() passing just the arguments.
I know this is a real hack, i would rather find a way to have this
working without having to hack ICA-AtoM code. Any suggestions David?
Cheers,
Alex Paes
Alex Paes
As suspected this last problem with the import was being caused by the
system not finding ffmpeg. Everytime i tried running ffmpeg it simply
would return 'sh: ffmpeg not found' while running ffmpeg from the
command line would work ok, trying the exec() with the full ffmpeg
binary path it worked, guess this comes from my php running with suPHP
or something. So here's my hack to make this work easily without
having to mess around much with my Apache configuration, added the
following function definition:
protected static function ffmpeg($argString)
{
return '/usr/local/bin/ffmpeg ' . $argString;
}
Where '/usr/loca/bin/' is the path to my ffmpeg binary, and then
replaced all the occurrences of 'ffmpeg' commands by a call to
self::ffmpeg() passing just the arguments.
I know this is a real hack, i would rather find a way to have this
working without having to hack ICA-AtoM code. Any suggestions David?
Cheers,
Alex Paes
Alex Paes
Jesús García Crespo
Nov 9, 2010, 2:07:11 PM11/9/10
to ica-ato...@googlegroups.com
Hi Alex,
--
Jesús García Crespo,
Software Engineer, Artefactual Systems Inc.
http://www.artefactual.com | +1.604.527.2056
On Tue, Nov 9, 2010 at 2:19 AM, alx....@gmail.com <alx....@gmail.com> wrote:
I know this is a real hack, i would rather find a way to have this
working without having to hack ICA-AtoM code. Any suggestions David?
You can try to add the path of ffmpeg to the environment variable $PATH.
To see the current value:
echo shell_exec('echo $PATH'); // In my case: /usr/local/bin:/usr/bin:/binOr you can create a link to ffmpeg in one of the current paths. For example:
ln -s /path/to/ffmpeg /usr/local/bin/ffmpeg
Is it working for you?
Regards,
--
Jesús García Crespo,
Software Engineer, Artefactual Systems Inc.
David Juhasz
Nov 9, 2010, 2:32:52 PM11/9/10
to ica-ato...@googlegroups.com
Hi Alex,
One caveat for Jesús' post which has confused me in the past - the
$PATH variable is sometimes not what you would expect because PHP may
run command line tasks using a different shell then the one you are
using on the command line.
Here's some more information that I found helpful when dealing with
PHP specific paths:
http://stackoverflow.com/questions/3428647/php-exec-path-variable-missing-elements
Cheers,
David Juhasz,
Software Engineer, Artefactual Systems Inc.
http://www.artefactual.com | P: 604.527.2056 | F: 604.521.2059
alx....@gmail.com
Nov 9, 2010, 2:57:19 PM11/9/10
to ICA-AtoM Users
Hi Jesús and David,
I didn't go the shell_exec() way mostly because in this setup i have
that function disabled in php.ini (i take this opportunity to ask if
this might mess with any other part of ICA-AtoM?) so what i ended up
doing is:
a) created an ffmpeg symlink in a not acessible place inside the
homedir for the user running ICA-AtoM
b) in index.php i export that path by means of putenv()
Do you guys think this is a feasible approach or should I in your
opinion take a different approac?
Cheers,
Alex Paes
I didn't go the shell_exec() way mostly because in this setup i have
that function disabled in php.ini (i take this opportunity to ask if
this might mess with any other part of ICA-AtoM?) so what i ended up
doing is:
a) created an ffmpeg symlink in a not acessible place inside the
homedir for the user running ICA-AtoM
b) in index.php i export that path by means of putenv()
Do you guys think this is a feasible approach or should I in your
opinion take a different approac?
Cheers,
Alex Paes
David Juhasz
Nov 9, 2010, 4:51:04 PM11/9/10
to ica-ato...@googlegroups.com
Using putenv() in the index.php sounds like a good way to go to me.
I'm not sure why you need to do a symlink as well, but you know your
server better than I do. ;) In the end, whatever works for you and
doesn't open up your server for exploit is a reasonable solution
imho. :)
I'm not sure why you need to do a symlink as well, but you know your
server better than I do. ;) In the end, whatever works for you and
doesn't open up your server for exploit is a reasonable solution
imho. :)
alx....@gmail.com
Nov 9, 2010, 5:13:25 PM11/9/10
to ICA-AtoM Users
Hi again David,
I guess i just put the symlink to avoid adding a system folder to the
path... unfortunately my knowledge in php or server security is way
below what it should be :(
Like you said as long as it works being able to revert all the hacked
code out of ICA-AtoM :D
Thank you so much for putting up with this issue and for your help in
solving it.
Cheers,
Alex Paes
I guess i just put the symlink to avoid adding a system folder to the
path... unfortunately my knowledge in php or server security is way
below what it should be :(
Like you said as long as it works being able to revert all the hacked
code out of ICA-AtoM :D
Thank you so much for putting up with this issue and for your help in
solving it.
Cheers,
Alex Paes
Reply all
Reply to author
Forward
0 new messages