I have trying to overwrite or perform some file operation to the files uploaded in a webserver.
Previously I have uploaded the files from joomla extension. It defined its owner as 99. Without changing its owner it my login name i am unable to perform file operation using ftp and cpanel.
what can be done?
You could enable the FTP layer of Joomla.
It does depend a bit on how your hosting sets permissions (whether they use ACL's, etc), but the FTP layer of Joomla is designed to get around exactly this issue.
Documentation for this feature is here:
http://help.joomla.org/content/view/1941/302/1/2/
Related
Is there a way to restrict content download "Restricting Anonymous Users From Downloading Files"
Right now, once the user is logged in and he is able to obtain the URL to a path, he can re-download it again even if he logs off.
We've tried
-Rules Module and Content_Access Module to no avail.
it only supports:
Basic Rules per node
There's no
Basic Rules per Content (i.e. videos)
You can control access to files via Drupal only if both conditions are met:
private mode is on (see /admin/config/media/file-system)
Download folder is outside web server access, i.e. file upload folder contents are not accessible from the web.
See hook hook_file_download() which is called for every private file.
Control access to private file downloads and specify HTTP headers.
This hook allows modules enforce permissions on file downloads when the private file download method is selected. Modules can also provide headers to specify information like the file's name or MIME type.
Is it possible to send a http upload request a file to a Apache or IIS that will have a fileName with "../" or ".." that wouldn't be rejected and would be passed to php or ASP.Net engine?
Not really the way you are asking. By the time it gets to the server the browser has read the file and delivered it as a chunk of content with no information about where it came from other than the original file name which you can choose to use or discard.
Generally file uploads go into a temporary storage place (e.g. /tmp) and then need to be moved out of there to somewhere which you can control and name.
This storage is configured on the server, and so any attempt to put path info into the filename should also be blocked by the file upload implementation of the server which should sanitise the filenames again if the browser didn't already do so.
If there's a bug then all bets are off though.
(edit: I'm leaving all the mistaken assumptions in just in case someone else makes the same mistakes)
I have an ancient Typo3 3.8.1 site on a remote server. I don't have access to that server, and the team in charge of maintaining the site doesn't know who to contact to get access to the server. I do have the admin rights on that site, though. (edit: no I don't. oops.)
This is what I see in the (not) admin menu:
I'm not sure if this version supports extensions, I can't find an extension manager anywhere. (because I'm not an admin)
I want to export the site so I can host it on a server on my own domain instead. The problem is the export file is too large, I can't download it. Will I destroy the directory structure if I export a bunch of pages at a time?
If you have admin access to the backend you can try to install Quixplorer - file manager. Using it you can try to zip folders in the main directory ie. (typo3, typo3conf, fileadmin etc) one by one and download them via browser.
It's important to download and remove typo3conf.zip from the server as soon as possible, cause it contains sensitive data.
Additionally you can also install PhpMyAdmin extension (search in repository) i you haven't other MySQL client.
Edit:
If you can't use Quixplorer the only way is... to write own extension and upload it via Extension Manager, there you'll need to try perform primitive file system operations like:
(PHP)
system('zip -R t3c.zip typo3conf/');
Sometimes the server allows more memory and execution_time that the T3D Export. So, if you can change PHP files on that server, try to change typo3/sysext/impexp/class.tx_impexp.php - search for ini_set and change that settings. If the server allows, you can then create bigger t3d-files.
And you could try some shell-extensions to get hands on that server:
http://typo3.org/extensions/repository/view/phpshell
http://typo3.org/extensions/repository/view/mw_shell
http://typo3.org/extensions/repository/view/shell
But to answer your initial question: you can crate a couple of T3D-files and import them again. Just force uid if you import them - and install all needed extensions first!
When creating a data source that pulls from any of my sections and pressing "create data source", I get the following error:
Forbidden
You don't have permission to access /symph-page/symphony/blueprints/datasources/new/ on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Strangely, if I pull from the system or provide custom xml, the data source is created fine and I don't get the previous message. Running symphony 2.3 on server that should be meeting the technical requirements. I have run Symphony before and never encountered this sort of issue.
It sounds like you need to change the workspace/data-sources directory file permissions so that the web server user can write files into it.
For example, on a Linux server (777 may not be necessary and depends on your webserver's configuration):
chmod 777 /symph-page/symphony/blueprints/datasources
If you access the server via FTP, your FTP client will probably let you do this.
Edit: Re-reading your question, I think I was mistaken in saying this is a workspace writing permissions issue. I don't recognise the "blueprints" directory path. Does this directory exist within your installation, and does your webserver have read permissions?
You might also want to make sure that you .htaccess file is present.
I developed a small cakephp website on local machine. When I upload to my host server, I realize that I must use their prefix for the database name and database user. So, I go and create new database name and new user. When I visit the site, it has this:
Warning (2): mysql_connect() [function.mysql-connect]: Access denied for user 'old_name'#'localhost' (using password: YES) [CORE/cake/libs/model/datasources/dbo/dbo_mysql.php, line 552]
I am 100% sure, I already change the name to "new_name", it runs on my local machine, but I dont know why it still load the old name. I go to ftp, and download the database config file, it clearly stated that, the database user is "new_name", i dont understand why when I go to the site, it loads the old database config. I am new to cakephp, please help.
try to clear the files from your app/tmp directory and tripple check the configuration.
Sometimes it can take a while for files to become live. One host I use has a folder for upload and then they transfer to the live folder from there automatically. Could it be something like this?
You possibly need to specify an IP for the database instead of localhost. Often the database is hosted on a different server to the code.