Hello
When I try to sync the gallery and if the update metadata flag is ticked then the sites crashes with a fatal error. I had recently added some photos that were geotagged with the Mac Geotag app. Sync'ing without the update metadata flag runs OK.
Presumably there is some problem with the metadata but it's not evident which file, what tag is the problem.
Fatal error: Cannot redeclare strip_html_in_metadata() (previously declared in /var/www/piwigo/include/functions_metadata.inc.php:186) in /var/www/piwigo/include/functions_metadata.inc.php on line 186.
The code around the flagged error line is:
184 if (!$conf['allow_html_in_metadata'])
185 {
186 function strip_html_in_metadata(&$v, $k)
187 {
188 $v = strip_tags($v);
189 }
190
191 foreach ($result as $key => $value)
192 {
193 // in case the origin of the photo is unsecure (user upload), we remove
194 // HTML tags to avoid XSS (malicious execution of javascript)
195 if (is_array($value))
196 {
197 array_walk_recursive($value, 'strip_html_in_metadata');
198 }
199 else
200 {
201 $result[$key] = strip_tags($value);
202 }
203 }
204 }
205
206 return $result;
207 }
environment details (self hosted)
Piwigo 14.4.0 Check for upgrade Installed on 25 June 2022, 1 year 9 months 3 weeks 2 days ago Operating system: Linux PHP: 7.4.33 (Show info) [2024-04-19 09:22:29] MySQL: 5.5.5-10.5.23-MariaDB-0+deb11u1 [2024-04-19 09:22:29] Graphics Library: External ImageMagick 6.9.11-60 Cache size 215.17 Mo calculated 10 hours ago Refresh
Offline
Thanks for the link to the bug fix. I get this error when applying the patch
pi@raspberrypi:/var/www/piwigo $ sudo -u www-data curl [Github] Piwigo commit e8090d41 | patch -p1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1075 100 1075 0 0 4673 0 --:--:-- --:--:-- --:--:-- 4694
File include/functions_metadata.inc.php is read-only; trying to patch anyway
patch: **** Can't create temporary file include/functions_metadata.inc.php.oqxhbGA : Permission denied
pi@raspberrypi:/var/www/piwigo $ stat include
File: include
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: b302h/45826d Inode: 566493 Links: 10
Access: (0755/drwxr-xr-x) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2022-06-25 20:28:04.279406798 +0100
Modify: 2024-04-19 10:19:42.026239270 +0100
Change: 2024-04-19 10:19:42.026239270 +0100
Birth: 2022-06-25 20:28:04.279406798 +0100
pi@raspberrypi:/var/www/piwigo $ stat include/functions_metadata.inc.php
File: include/functions_metadata.inc.php
Size: 6054 Blocks: 16 IO Block: 4096 regular file
Device: b302h/45826d Inode: 566522 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2024-04-17 14:48:04.000000000 +0100
Modify: 2024-04-17 14:48:04.000000000 +0100
Change: 2024-04-18 09:13:03.231754582 +0100
Birth: 2022-06-25 20:28:06.287390296 +0100
I don't see that the perms for include are wrong. Include and functions_metadata.inc.php are both owned by www-data r/w.
pi@raspberrypi:/var/www/piwigo $ sudo -u www-data touch include/temp
Succeeds
Offline
I realized my mistake, sudo in the wrong place.
Offline
Now I get another error. I restarted Apache.
Fatal error: Maximum execution time of 30 seconds exceeded in /var/www/piwigo/admin/include/functions_metadata.php on line 185
So it seems the patched file is causing it.
Offline
The file maybe, but what exactly is at line 185 in your file now? For me after the patch it's an opening brace and that would make no sense with the message you got.
182 } 183 184 if (!$conf['allow_html_in_metadata']) 185 { 186 foreach ($result as $key => $value) 187 { 188 // in case the origin of the photo is unsecure (user upload), we remove
In fact at line 186 originally followed the strip_html_in_metadata() function that the patch moved down. I assume something went wrong with your patching.
Offline
Hint: the error happens in admin/include/functions_metadata.php
It is a different file and line 185 contains this:
if (function_exists('mime_content_type') && in_array(mime_content_type($file), array('image/svg+xml', 'image/svg')))
Last edited by OHappyDay (2024-04-20 14:06:04)
Offline
Sorry, overlooked, include/functions_metadata.php line 186 and admin/include/functions_metadata.php line 185 apparently looked too similar for me ;-)
I don't see a reason why that should timeout unless your PHP has problems to access a file in that context.
In a shell try to place an image file sample.jpg in the current directory and execute
php -r "if (function_exists('mime_content_type') && in_array(mime_content_type('sample.jpg'), array('image/svg+xml', 'image/svg'))) echo \"Yes\n\"; else echo \"No\n\";"
It should output No and not timeout.
If in that test you change 'image/svg' to 'image/jpeg' the output should be Yes instead (if sample.jpg is an actual JPEG file), to verify the PHP mime_content_type() function works as expected.
Offline
Thanks for that test. I put a real jpg in cwd. In the test line as written the result is "no" and no timeout. Amending svg to jpeg, the result is "yes". That is as expected so php mime_content_type() type seems to be working correctly.
The code around line 186 is now post-patching;
184 if (!$conf['allow_html_in_metadata'])
185 {
186 foreach ($result as $key => $value)
187 {
188 // in case the origin of the photo is unsecure (user upload), we remove
189 // HTML tags to avoid XSS (malicious execution of javascript)
190 if (is_array($value))
191 {
192 array_walk_recursive($value, 'strip_html_in_metadata');
193 }
194 else
195 {
196 $result[$key] = strip_tags($value);
197 }
198 }
199 }
200
201 return $result;
Looks OK to me.
Offline