Invalid path error creating directory?

Wappler General How To
#1

The path where we would like to create a new directory is located:

../UserArea/invUploads/

Structure:

public_html (standard) -

  • Site (where our DMX actions are stored, within this directory)
  • UserArea / invUploads (the directory we want to create the new directory within)

Yet when we try to create the directory we see a path error:

"message": "Invalid Path! ../UserArea/invUploads/NEW"

Usually with PHP we would write around this with a small script but really, is that necessary? Is there any reason we can not create a directory in this location?

Bugging the &%$# out of us…

Any guidance appreciated!

#2
#3

For now we implemented a cron job to run a bash script to sync the directories (as the new directories are created in the Wappler site for now, not ideal but we worked around it as mentioned). Would be great to be able to do this without hitting the path error.

Ahhhh, @George thanks for assigining, and thank you in advance to @patrick

#4

Am I correct that the UserArea folder is outside of the Wappler project root?

#5

Yes, locally, on the server shares the same root directory. This is why I can not understand the issue of simply traversing to the directory? Nothing unusual in the structure.

#6

Both located within public_html just to clarify.

#7

In Wappler all paths in Server Connect are relative to the project root and should start with a /. Folders outside the project root are currently not possible. Relative paths with ../ are also not allowed. This was done for security reasons to protect against file access outside of your website. If it is really required to store/access files outside of the project root then we can have a look on how to allow this.

2 Likes
#8

I got round this by having my uploads folder within the project structure but added an htaccess file to deny access to it apart from locally by the script.

1 Like
#9

Really appreciated. Yes is really quite necessary and quite a basic requirement. Restricts the use of the ability to create directories quite significantly. We see no security implications as the same practice of storing outside of the site root is quite normal, can’t say we have ever seen any issues there security wise. I think that is the responsibility of the host/user/administrator to make sure things are secure. We are quite lucky I suppose in that we host and administer all of our own servers…

Thank you Patrick. Your time and words are always very appreciated.

#10

@sitestreet

We do a similar thing for most directories. A bit more stringent on some with more secure restrictions.

1 Like
#11

Hi @Dave
I have an old feature request for this

I switched to NodeJS for that reason. S3 integration also helped a lot. But I still have one PHP Site where I would be happy to have a Wappler solution for accessing/creating files outside website root.

1 Like
#12

Thanks @MH2ag
Unfortunately we can’t switch the project over to Node so we’ll have to leave the cron job in-place until, hopefully, the Team, can come up with a fix for us. Maybe an option in the file management area to enable or disable the ability to upload/create outside of the current projects root?

#13

Bump, sorry, desperately required! Not being able to traverse outside the Project root restricts so much.

bmr

#14

Couldn‘t you create a custom module?

#15

Good idea but really should not be necessary. Its a basic ability that should not require custom modules. Besides I just wouldn’t have a clue where to start to be honest… Really would like to be able to do this natively within Wappler through the UI and Server Connect.

#16

Please @George @Teodor @patrick

Could you please consider allowing us to navigate out of the Project root directory. This is now becoming a real issue and restriction with multiple Projects. We can’t tell the Clients sorry you need to change your structure and move tb’s of images… The majority of Clients have media stored outside of Project roots and as we are going through them and updating their deployments we keep hitting this wall repeatedly…

Its so bad if anyone would like to create a custom module for us ASAP we are more than happy to pay you! We are desperate to resolve this issue.

Thanks.

:wink:

#17

I will see if I can make it work, which server model are you using and which modules/actions require a full path?

2 Likes
#18

I know how busy you are so this is very appreciated @patrick

Server model is straight forward PHP.

File Management:

Create Folder
File Upload
File Remove

Image Processor:

Load Image
Re-Size Image
Store Image

Thank you so much for anything you can do. Always sincerely appreciated.

Mobile Apps: My nightmares come true ;-)
#19

Please is there any chance of implementing the ability to select paths outside of the app root as working with two Projects, Mobile scenario, it renders all the file actions (and associated actions for file and folder manipulation etc) obsolete. It really is essential and required. Now becoming very urgent indeed.

@patrick

#20

Well it is not that easy Dave. Storing anything outside your project root, done by web users is a great security risk.

If the correct checks aren’t performed you risk overwriting system files and getting hacked.

Also so many people select bad locations outside of the project just by mistake, thinking we will be auto including those files to the project.

That is why we are even thinking to use a custom limited files selector from the project folder only (like the assets manager) as file and folder picker instead of the system one, to prevent such mistakes.