java - Play Resumable Upload Permissions Error -


I can't find the cause of an error that occurs when I upload a file using Play (Scala) and resumable.js:

thread "application-akka.actor.default-dispatcher-3": controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:44)

some(resumableinfo) resumableparams =>: resumableinfo(authorname,1048576,1430174,1430174-allegrofromduetincmajormp3,allegro duet in c major.mp3,allegro duet in c major.mp3,/allegro duet in c major.mp3.temp)

[error] p.c.s.n.playdefaultupstreamhandler - cannot invoke action java.io.filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)     @ java.io.randomaccessfile.open0(native method) ~[na:1.8.0_71]     @ java.io.randomaccessfile.open(randomaccessfile.java:316) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:243) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:124) ~[na:1.8.0_71]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:46) ~[classes/:na]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:22) ~[classes/:na]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:408) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:407) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:533) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:530) ~[play_2.11-2.4.6.jar:2.4.6] [error] application -   ! 
@6p27df40a - internal server error, (post) [/resumable] ->  play.api.http.httperrorhandlerexceptions$$anon$1: execution exception[[filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)]]     @ play.api.http.httperrorhandlerexceptions$.throwabletousefulexception(httperrorhandler.scala:265) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.http.defaulthttperrorhandler.onservererror(httperrorhandler.scala:191) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.globalsettings$class.onerror(globalsettings.scala:179) [play_2.11-2.4.6.jar:2.4.6]     @ play.api.defaultglobal$.onerror(globalsettings.scala:212) [play_2.11-2.4.6.jar:2.4.6]     @ play.api.http.globalsettingshttperrorhandler.onservererror(httperrorhandler.scala:94) [play_2.11-2.4.6.jar:2.4.6]     @ play.core.server.netty.playdefaultupstreamhandler$$anonfun$3.applyorelse(playdefaultupstreamhandler.scala:266) [play-netty-server_2.11-2.4.6.jar:2.4.6]     @ play.core.server.netty.playdefaultupstreamhandler$$anonfun$3.applyorelse(playdefaultupstreamhandler.scala:262) [play-netty-server_2.11-2.4.6.jar:2.4.6]     @ scala.concurrent.future$$anonfun$recoverwith$1.apply(future.scala:344) [scala-library-2.11.7.jar:na]     @ scala.concurrent.future$$anonfun$recoverwith$1.apply(future.scala:343) [scala-library-2.11.7.jar:na]     @ scala.concurrent.impl.callbackrunnable.run(promise.scala:32) [scala-library-2.11.7.jar:na] caused by: java.io.filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)     @ java.io.randomaccessfile.open0(native method) ~[na:1.8.0_71]     @ java.io.randomaccessfile.open(randomaccessfile.java:316) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:243) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:124) ~[na:1.8.0_71]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:46) ~[classes/:na]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:22) ~[classes/:na]     @ 
play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:408) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:407) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:533) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:530) ~[play_2.11-2.4.6.jar:2.4.6] 

The code that makes the file is this...

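/**
 * Reports whether every expected chunk has been received and, if so, renames the
 * temporary upload file by dropping its trailing ".temp".
 *
 * Identifiers declared outside this snippet (`resumabletotalsize`, `resumablechunksize`,
 * `uploadedchunks`, `resumablefilepath`) are spelled exactly as they appear on the page;
 * only language and standard-library names have their casing restored.
 *
 * @return `false` if any chunk number in `1 until count` is missing from `uploadedchunks`;
 *         `true` otherwise, after the rename has been attempted.
 */
def checkifuploadfinished: Boolean = {
  val count: Int = math.ceil(resumabletotalsize.toDouble / resumablechunksize.toDouble).toInt

  // `1 until count` excludes `count` itself, exactly as the original loop did.
  // NOTE(review): whether chunk number `count` must also be present depends on how the
  // client sizes its last chunk - confirm against the uploader configuration.
  // `forall` stops at the first missing chunk without a `return` inside a lambda, which
  // Scala implements by throwing a control-flow exception.
  val allChunksPresent = (1 until count).forall((i: Int) => uploadedchunks.contains(i))

  if (!allChunksPresent) false
  else {
    val tempFile: File = new File(resumablefilepath)
    val absolutePath: String = tempFile.getAbsolutePath
    // Drops the last ".temp".length characters; the suffix itself is not checked.
    val finalPath: String = absolutePath.substring(0, absolutePath.length - ".temp".length)
    // NOTE(review): `resumablefilepath` is used as-is. In the log on this page it is built
    // from the client-supplied file name, so the rename target is client-influenced too;
    // it should be confined to a dedicated upload directory before it reaches this method.
    // NOTE(review): renameTo reports failure through its Boolean result, which is discarded
    // here, so a failed rename still yields `true`.
    tempFile.renameTo(new File(finalPath))
    true
  }
}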

Re-running gives me this...

[error] p.c.s.n.playdefaultupstreamhandler - cannot invoke action java.io.filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)     @ java.io.randomaccessfile.open0(native method) ~[na:1.8.0_71]     @ java.io.randomaccessfile.open(randomaccessfile.java:316) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:243) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:124) ~[na:1.8.0_71]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:46) ~[classes/:2.4.6]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:22) ~[classes/:2.4.6]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:408) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:407) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:533) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:530) ~[play_2.11-2.4.6.jar:2.4.6] [error] application -   ! 
@6p2c3mpkb - internal server error, (post) [/resumable] ->  play.api.http.httperrorhandlerexceptions$$anon$1: execution exception[[filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)]]     @ play.api.http.httperrorhandlerexceptions$.throwabletousefulexception(httperrorhandler.scala:265) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.http.defaulthttperrorhandler.onservererror(httperrorhandler.scala:191) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.globalsettings$class.onerror(globalsettings.scala:179) [play_2.11-2.4.6.jar:2.4.6]     @ play.api.defaultglobal$.onerror(globalsettings.scala:212) [play_2.11-2.4.6.jar:2.4.6]     @ play.api.http.globalsettingshttperrorhandler.onservererror(httperrorhandler.scala:94) [play_2.11-2.4.6.jar:2.4.6]     @ play.core.server.netty.playdefaultupstreamhandler$$anonfun$3.applyorelse(playdefaultupstreamhandler.scala:266) [play-netty-server_2.11-2.4.6.jar:2.4.6]     @ play.core.server.netty.playdefaultupstreamhandler$$anonfun$3.applyorelse(playdefaultupstreamhandler.scala:262) [play-netty-server_2.11-2.4.6.jar:2.4.6]     @ scala.concurrent.future$$anonfun$recoverwith$1.apply(future.scala:344) [scala-library-2.11.7.jar:na]     @ scala.concurrent.future$$anonfun$recoverwith$1.apply(future.scala:343) [scala-library-2.11.7.jar:na]     @ scala.concurrent.impl.callbackrunnable.run(promise.scala:32) [scala-library-2.11.7.jar:na] caused by: java.io.filenotfoundexception: /allegro duet in c major.mp3.temp (permission denied)     @ java.io.randomaccessfile.open0(native method) ~[na:1.8.0_71]     @ java.io.randomaccessfile.open(randomaccessfile.java:316) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:243) ~[na:1.8.0_71]     @ java.io.randomaccessfile.<init>(randomaccessfile.java:124) ~[na:1.8.0_71]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:46) ~[classes/:2.4.6]     @ controllers.resumable$$anonfun$dopost$1.apply(resumable.scala:22) ~[classes/:2.4.6]     @ 
play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:408) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.actionbuilder$$anonfun$apply$16.apply(action.scala:407) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:533) ~[play_2.11-2.4.6.jar:2.4.6]     @ play.api.mvc.action$.invokeblock(action.scala:530) ~[play_2.11-2.4.6.jar:2.4.6] 

According to the error, you're trying to save a file to /allegro duet in c major.mp3.temp, and you don't have permission to open that file. This is a good thing: allowing users to upload an arbitrarily named file to the root of the file system is a serious security issue. In fact, it's a serious security issue anyway, since they can choose the file name, e.g. /etc/passwd, and the next thing you know, they've created new user accounts on your system.

You should select a file name in a temporary directory, and avoid using the same file name they've sent you; this avoids a whole range of potential security problems. A better solution is to use a hash of the file name combined with the user's user name. The file you should use would be:

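// Server-side name for the upload: a fixed temporary directory plus
// "<username>-<hash of the client-supplied file name>".
// Assumes `file` is a java.io.File, so `getName` yields only the last path component
// and any directory part of the client's name is dropped - confirm against the caller.
// NOTE(review): String.hashCode is a 32-bit, non-cryptographic hash. Distinct file names
// can collide and the resulting name is predictable; a server-generated random name
// (java.util.UUID.randomUUID, or java.nio.file.Files.createTempFile inside the upload
// directory) avoids both.
// NOTE(review): `username` becomes part of the path, so it should come from the
// authenticated session and be restricted to a safe character set (no path separators,
// no "..").
new File(sometempdirectory, username + "-" + file.getName.hashCode())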
