ImageMagick: problems with realpath()

Hi, all.

I'm having an issue with ImageMagick that's neatly summarised by this topic.

Although ImageMagick is installed and configured, Omeka's attempts to use it are thwarted by the open_basedir setting. But as far as I can see (and our hosting company confirms it), the problem isn't with calling ImageMagick itself; rather, it's with the fail-safe checks surrounding it, which use realpath and file_exists to access a folder beyond the site root and thereby (quite rightly, I would've thought) fall foul of the security settings.

Are those checks actually necessary? Does anyone have any suggestions, beyond resorting to hacking?

Many thanks for your help.

ian.

Just to update...I've hacked the core code for now, commenting out the problematic checks, and ImageMagick now works fine, with the open_basedir restriction still in place.

That's obviously not a great long-term solution, so any bright ideas would be gratefully received!

Just in case anyone needs to do the same thing, here are the hacks required to get ImageMagick working with an open_basedir restriction still in place:

In application/libraries/Omeka/File/Derivative/Image.php, line #59, change this:

if (($cleanPath = realpath($rawPath)) && is_dir($cleanPath)) {

to:

if ($cleanPath = $rawPath) {

In application/libraries/Omeka/File/Ingest/Source.php, line #125, change this:

$tempDestination = tempnam('', 'Omeka');

to this:

$tempDestination = tempnam(sys_get_temp_dir(), 'Omeka');

(...which, as far as I can see from the PHP tempnam documentation, might be viewed as a minor bug-fix rather than a hack.)

In application/libraries/Zend/Validate/File/MimeType.php, comment out the following lines:

#144:
if (file_exists($file)) {

#147:

}

#165-167:
} else if (!is_readable($file)) {
require_once 'Zend/Validate/Exception.php';
throw new Zend_Validate_Exception('The given magicfile can not be read');

I dare say that some of those hacks wouldn't be strictly recommended, but the alternative is that ImageMagick won't work. It took me a little while to find all of those bits and pieces, so it seemed sensible to map it out for anyone needing to hack through the same bit of jungle...!

Hi,

Thanks for the update on this. You are right that the line tempnam(sys_get_temp_dir()) in Ingest/Source.php is a bug fix, so we'll be sure to incorporate that.

With respect to the other files, unfortunately we can't really hack the Zend Framework if we expect to be able to update it in the future.

With the other file, Derivative/Image.php, my understanding is that the realpath() && is_dir() calls in that method are done to prevent running arbitrary commands in case a bad element gains access to the settings form for a given Omeka installation. It might work to sub that out with escapeshellcmd(), which would reduce the risk a fair amount, though I'm not totally sure. Needs more testing.

For now I'm guessing your hacks work fine, though we'll look into adding something in the next release to alleviate those issues, if possible.
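The trade-off discussed in this thread, as an added example that is not part of any post and is not Omeka's code: the configured ImageMagick directory is validated lexically, with no filesystem call for open_basedir to block, and each command argument is quoted separately with escapeshellarg(). The function names validateConvertDir() and buildConvertCommand(), the file paths and the sample values are hypothetical, and the sketch assumes POSIX paths.

```php
<?php
// Added example: hypothetical helpers, not Omeka's own code.

/**
 * Validate the configured ImageMagick directory without realpath(), is_dir()
 * or file_exists(), so open_basedir has nothing to refuse.
 * Returns the normalised directory, or null when the value is rejected.
 */
function validateConvertDir(string $rawPath): ?string
{
    $path = rtrim(trim($rawPath), '/');
    // Absolute path built only from conservative characters: no spaces,
    // quotes, semicolons, pipes, backticks or dollar signs can get through.
    if (!preg_match('#^(/[A-Za-z0-9._-]+)+$#', $path)) {
        return null;
    }
    // Without realpath() nothing resolves "." or "..", so refuse them.
    foreach (explode('/', $path) as $segment) {
        if ($segment === '.' || $segment === '..') {
            return null;
        }
    }
    return $path;
}

/** Build the command line with every argument quoted on its own. */
function buildConvertCommand(string $dir, string $source, string $dest, int $size): string
{
    $args = [
        $dir . '/convert',
        $source,
        '-resize', $size . 'x' . $size . '>', // shrink only if larger
        $dest,
    ];
    return implode(' ', array_map('escapeshellarg', $args));
}

// Constructed sample settings values, including hostile ones.
$samples = ['/usr/bin', '/usr/bin/', '/usr/bin; id', '/usr/../tmp', 'bin'];
foreach ($samples as $raw) {
    $dir = validateConvertDir($raw);
    if ($dir === null) {
        echo "rejected: $raw\n";
        continue;
    }
    echo buildConvertCommand($dir, '/srv/omeka/files/in put.jpg', '/srv/omeka/files/out.jpg', 200), "\n";
}
```

A lexical check cannot confirm that the directory exists or actually contains convert, so a wrong but well-formed setting only shows up as a non-zero exit status when the command runs.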