You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each time admin panel is accessed, kleeja checks the existence of htaccess file inside folder name correspondent to the foldername key inside the global $config variable, and inside its subfolder thumbs, without checking if the folder itself is found or not.
This behavior exists within includes/adm/start.php on lines 199,204,217.
So suppose that the admin want to put uploaded files in user directory under current correspondent date, and use the following format for upload folder name : uploads/{username}/{year}{month}{day}{week}.
Before any file being uploaded in current date (the folder will not be created), and as kleeja check .htaccess existensce within this folder, this will lead to showing an error inside the admin panel that .htaccess file is not found and that this might be a security issue, when indeed that the directory itself is not found.
The error is gone when the admin uploads at least when file in the this day , as the folder will be created and everything will work as it must.
To Reproduce
Login into admin panel
click on settings -> upload
set the value of folder name for uploaded files as following: uploads/{username}/{year}{month}{day}{week}
Refresh page or do logout then login to admin panel
Expected behavior
When the upload folder correspondent to the global $config variable, $config['foldername'] does not exists we must not check, for htaccess existence. so we must add a new condition to check for directory existence before checking for htaccess file existence.
Server (please complete the following information):
Each time admin panel is accessed, kleeja checks the existence of
htaccess
file inside folder name correspondent to thefoldername
key inside the global$config
variable, and inside its subfolderthumbs
, without checking if the folder itself is found or not.This behavior exists within
includes/adm/start.php
on lines199,204,217
.So suppose that the admin want to put uploaded files in user directory under current correspondent date, and use the following format for upload folder name :
uploads/{username}/{year}{month}{day}{week}
.Before any file being uploaded in current date (the folder will not be created), and as kleeja check
.htaccess
existensce within this folder, this will lead to showing an error inside the admin panel that.htaccess
file is not found and that this might be a security issue, when indeed that the directory itself is not found.The error is gone when the admin uploads at least when file in the this day , as the folder will be created and everything will work as it must.
To Reproduce
settings -> upload
folder name for uploaded files
as following:uploads/{username}/{year}{month}{day}{week}
Expected behavior
When the upload folder correspondent to the global $config variable,
$config['foldername']
does not exists we must not check, forhtaccess
existence. so we must add a new condition to check for directory existence before checking for htaccess file existence.Server (please complete the following information):
Additional context
This case can be solved as following.
change following lines in
includes/adm/start.php
:change line 199 from:
if (! file_exists(PATH . $config['foldername'] . '/.htaccess'))
to:
if (is_dir(PATH . $config['foldername']) && ! file_exists(PATH . $config['foldername'] . '/.htaccess'))
change line 204 from:
if (! file_exists(PATH . $config['foldername'] . '/thumbs/.htaccess'))
to:
if (is_dir(PATH . $config['foldername']) && ! file_exists(PATH . $config['foldername'] . '/thumbs/.htaccess'))
change line 217 from:
if (! file_exists(PATH . $config['foldername'] . '/thumbs') && (int) $config['thumbs_imgs'] != 0)
to:
if (is_dir(PATH . $config['foldername']) && ! file_exists(PATH . $config['foldername'] . '/thumbs') && (int) $config['thumbs_imgs'] != 0)
The text was updated successfully, but these errors were encountered: