403 - image cache problem

When i try to show full size image I get error 403 - forbidden. Its not depended from theme (occurring on Basic and zpBase).

I check folder privileges and all are set to 755.

When image is put to cache folder i see it from FileZilla FTP client like symlink with privileges 777.

PHP v.7.4.15
PHP GD library bundled (2.1.0 compatible)
ZenP v.1.5.9

Any idea?

Tags:

Comments

  • Some PHP extensions (e.g. suhosin) will trigger when symlinks are used. Zenphoto tests for suhosin and does not use symlinks, but maybe there is another security "feature" that we do not know of and therefore do not handle.

    You can change the SYMLINK definition in the global-definitions file to FALSE to get around that issue, but of course this change is not a permanent solution since it will be overridden when you update your software.

  • maymar Member

    I find that when I open image in mobilephone it is scaled to 400px and its saved proper in cache - its able to display on web. The problem is when image is saved as bigger than original photo - original is 1024px and ZP try to convert it to 1920px - in that case image is visible like symlink (get 403 in webbrowser).

  • maymar Member

    it seems that symlink linking to original image but dont know why its not reachable.

  • acrylian Administrator, Developer

    The problem is when image is saved as bigger than original photo - original is 1024px and ZP try to convert it to 1920px

    I don't understand. The full sizes image is the image you upload and normally is not changed like upscaling The sized image is the image on the image page of a standard theme. That can set to be upscaled but for quality's sake I see no real reason to do that. The symlink is used - if supported on the server - if the sized images is the same as the full image to avoid an extra image being cached.

    Perhaps it would be good to have a link to see the issue.

  • acrylian Administrator, Developer

    it seems that symlink linking to original image but dont know why its not reachable.

    Wild guess: Do you .htaccess protect your albums folder perhaps or something like that?

  • maymar Member

    "That can set to be upscaled but for quality's sake I see no real reason to do that." - and i don't want to scaling it up - just want to display it in original dimensions.
    Page on zpBase is set to max 1920px and i have different size images in different galleries so if page reach 1920px the image that have smaller dimension should be displayed as original uploaded.

    .htaccess not blocking directories. There's only ZP rule to redirecting.

    check it here -> http://gallery.may.net.pl/przyroda/karkonosze/

  • acrylian Administrator, Developer
    edited July 2021

    i don't want to scaling it up - just want to display it in original dimensions.

    Okay, perhaps I misunderstood and you were just referring to the resizing within the browser.

    Anyway since you have the theme switcher enabled it shows that all works with the basic theme on the image page while it does not with zpBase. In Basic the click on the full image does also not work. That does not explain why the iamge does not show on the zpBase image page at all…

    What settings do you have on Options > image > Full image protection?

    Also which version of zpBase do you use? This one?
    https://github.com/zenphoto/zpbase

  • maymar Member

    zpBase i have installed with one of the older version ZP- don't remember witch one it was - probably v1.4.6

  • maymar Member

    Full image protection: hotlinking - checked; save full image in cache - checked; and protect preview.

    I think that problem with symlink is that it create link from root folder either not from install folder.
    In my case its:
    /home/anotherFolder/www/gallery/albums/przyroda/karkonosze/karkonosze.jpg
    instead of:
    /albums/przyroda/karkonosze/karkonosze.jpg

  • acrylian Administrator, Developer
    edited July 2021

    zpBase i have installed with one of the older version ZP- don't remember witch one it was - probably v1.4.6

    zpBase was never officially part but then I recommend to use the newer one. If your version is from around the time of 1.4.6 it is pretty old in any case.

    I think that problem with symlink is that it create link from root folder either not from install folder.

    It should be no issue that symlinks are created with absolute paths. Sorry, I still suspect some server side/config issue here. Perhaps contact your host about this first.

  • acrylian Administrator, Developer

    You said you used a theme from ZP 1.4.6. So this means this all worked previously, right? Then I would even more suspect that this is server side as Idon't remember any changes to the symlink part for ages.

  • maymar Member

    OK - I wrote to my provider - waiting for answer - thx for help

  • maymar Member

    I get answer from my hosting provider. In short way " OVHcloud shared hosts are optimized for the most common uses. " and they wont do anything with it.
    I "love" OVH for that...

    I want to understand - what create symlink in cache folder? Is not a ZP script?

  • acrylian Administrator, Developer
    edited July 2021

    Well, that is the usual answer probably by most hosts…

    Zenphoto creates symlinks using the native PHP function:
    https://www.php.net/manual/en/function.symlink.php

    The resulting symlink is basically a server level thing. It's a kind of file that points elsewhere (you cannot open or download it via FTP for example).

    If all fails ss suggested above you can also disable those symlinks that by "hacking" some definitions a little. Open zp-core/global-definitions.php and change

     define('SYMLINK', function_exists('symlink') && strpos(@ini_get("suhosin.executor.func.blacklist"), 'symlink') === false);`
    

    to

     define('SYMLINK', false);
    

    Symlinks are not require, they just prevent images to be cached that already have the size the cache requests to save some space.

  • maymar Member

    Thx - i change global definition and it works now as i want :-)

  • acrylian Administrator, Developer

    Great, we change a few things in the future so setting some of these constants will be possible via the config file instead of hacking a core file.

Sign In or Register to comment.