Closed mapkyca closed 8 years ago
My ears pricked up bc HTMLPurifier was that one stray lib still using "eval"
Hmm... I think this could stand some extra investigation...
IPs seem to originate from Baidu and google, and look like spiders.
I'm wondering whether it might be worth digging into htmlpurifier a bit more, eval usage is generally a Bad Sign.
... looking at the code it does look like it's meant to be writeable... but I'm wondering whether we shouldn't adopt this code and Knownify it so it writes safely.
I'd noticed this a while back and set the cache folder to be within the upload folder. That's Idno/Core/Purifier.php
lines 14 and 41:
$config->set('Cache.SerializerPath', Idno::site()->config()->getUploadPath());
Guessing it needs to be set somewhere else?
Maybe, but it's possible that it's getting the error because I'm on Mongo and GridFS.
I was hitting this because I was trying an export (which also doesn't work, for different reasons), because I want to work on a Mongo->Mysql conversion so we can finally kill mongo support.
Kill it with fire.
Yeah, I think it's likely because I don't have uploadpath set, again because I'm using mongo as the backend.
Not sure how best to handle this - we're wanting to kill mongo, but I imagine it'll also cause problems with the S3 backend, or any other file stores.
Still an issue even with a temp dir, looks like the setting isn't being set
While trying to do this:
Not sure, looking in the logs, found this error generated in external/htmlpurifier-lite/library/HTMLPurifier/DefinitionCache/Serializer.php on line 278
I encountered this error:
Error about this directory not being writeable.
Some other notes:
Not entirely sure if this is a bug or something suspicious (need to investigate further). Logging for folks to comment on.