PHP Warning: Directory /.../external/htmlpurifier-lite/library/HTMLPurifier/DefinitionCache/Serializer not writable, please chmod to 777

[mapkyca]

While trying to do this:

Not sure, looking in the logs, found this error generated in external/htmlpurifier-lite/library/HTMLPurifier/DefinitionCache/Serializer.php on line 278

I encountered this error:

Error about this directory not being writeable.

Some other notes:

Not entirely sure if this is a bug or something suspicious (need to investigate further). Logging for folks to comment on.

[kylewm]

My ears pricked up bc HTMLPurifier was that one stray lib still using "eval"

[mapkyca]

Hmm... I think this could stand some extra investigation...

IPs seem to originate from Baidu and google, and look like spiders.

I'm wondering whether it might be worth digging into htmlpurifier a bit more, eval usage is generally a Bad Sign.

[mapkyca]

... looking at the code it does look like it's meant to be writeable... but I'm wondering whether we shouldn't adopt this code and Knownify it so it writes safely.

[benwerd]

I'd noticed this a while back and set the cache folder to be within the upload folder. That's Idno/Core/Purifier.php lines 14 and 41:

$config->set('Cache.SerializerPath', Idno::site()->config()->getUploadPath());

Guessing it needs to be set somewhere else?

[mapkyca]

Maybe, but it's possible that it's getting the error because I'm on Mongo and GridFS.

I was hitting this because I was trying an export (which also doesn't work, for different reasons), because I want to work on a Mongo->Mysql conversion so we can finally kill mongo support.

Kill it with fire.

[mapkyca]

Yeah, I think it's likely because I don't have uploadpath set, again because I'm using mongo as the backend.

Not sure how best to handle this - we're wanting to kill mongo, but I imagine it'll also cause problems with the S3 backend, or any other file stores.

[mapkyca]

Still an issue even with a temp dir, looks like the setting isn't being set