Forum OpenACS Development: Re: File Upload Fails on Windows OACS Installaion

Collapse
3: Re: File Upload Fails on Windows OACS Installaion (response to 1)
Posted by Raul Rodriguez on 10/31/25 09:39 PM
Hi,

We added logging to:

ad_proc security::safe_tmpfile_p {
    -must_exist:boolean
    tmpfile
} {

    Checks that a file is a safe tmpfile, that is, it belongs to the
    configured tmpdir.

    When the file exists, we also enforce additional criteria:
    - file must belong to the current system user
    - file must be readable and writable by the current system user

    @param tmpfile absolute path to a possibly existing tmpfile
    @param must_exist make sure the file exists

    @return boolean
} {
    #
    # Ensure no ".." in the path
    #
                ns_log Notice ">>> STARTING TMPFILE tmpfile: $tmpfile"
    set tmpfile [ns_normalizepath $tmpfile]
    set tmpdir [string trimright [ns_config ns/parameters tmpdir] /]
                ns_log Notice ">>> UPLOADCHECK tmpfile = $tmpfile"
                ns_log Notice ">>> UPLOADCHECK tmpdir = $tmpdir"

Got:

[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Notice: >>> STARTING TMPFILE tmpfile:
C:/WINDOWS/TEMP/nsd-XXXXXX29771.TMP
[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Notice: >>> UPLOADCHECK tmpfile = c:/WINDOWS/TEMP/nsd-XXXXXX29771.TMP
[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Notice: >>> UPLOADCHECK tmpdir = c:/naviserver/servers/openacs/tmp
[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Notice: >>> UPLOADCHECK direct child False
[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Debug(sql): pool pool1 duration 0.000000 secs: '
:                    select apm_parameter_values.attr_value
:                    from   apm_parameters, apm_parameter_values
:                    where  apm_parameter_values.package_id = '177'
:                    and    apm_parameter_values.parameter_id = apm_parameters.parameter_id
:                    and    apm_parameters.parameter_name = 'SuppressHttpPort'
:                '
[31/Oct/2025:09:34:58][22512.56d4][-conn:openacs:default:4:2-] Warning: They tried to sneak in invalid tmpfile 'C:/WINDOWS/TEMP/nsd-XXXXXX29771.TMP'
:        called from ad_page_contract {} 1 {} 0 __unknown__ {\n    page to add a new file to the syste...} {\n    file_id:naturalnum,optional,notnull...} -properties {\n    folder_id:onevalue\n    context:one...} -validate \\n\ \ \ \ file_id_or_folder_id\ \{\\n\ \ \ \ \ \ \ \ if\ ...
:        called from template::adp_parse c:/naviserver/servers/openacs//packages/file-storage/www/file-add {}
:        called from adp_parse_ad_conn_file
:        called from rp_serve_concrete_file c:/naviserver/servers/openacs/packages/file-storage/www/file-add.adp
:        called from rp_serve_abstract_file 0 0 .* c:/naviserver/servers/openacs/packages/file-storage/www/file-add
:        called from rp_handle_request
:        called from rp_handler
:            POST http://localhost:8000/file-storage/file-add? referred by 'http://localhost:8000/file-storage/file-add?folder_id=979'; peer ::1 user_id 729

We also ran automated testing on acs-templating validate_file. Got the following Errors:

                FAILED Is Afile C:/WINDOWS/TEMP/oacs53344.TMP text/plain a file?: false
                FAILED Is A/file C:/WINDOWS/TEMP/oacs53344.TMP a a file?: false

Thank you for your help