Laravel-medialibrary: pdf-to-image - 'not authorized' issue

Created on 12 Oct 2018 · 4Comments · Source: spatie/laravel-medialibrary

$this->imagick = new Imagick($pdfFile); errors with 'not authorized'

the directory at storage/medialibrary/temp/ that holds the uploaded pdf is created with permissions 755.

Apache is running as www-data - all directories/files are created with group:owner www-data:www-data

Source

swancreative

Most helpful comment

It seems this error started happening for a lot of people last week. No real reason why though. To partially fix...

Step 1:
sudo nano /etc/ImageMagick-6/policy.xml

Step2:
Add/edit the following lines

  <policy domain="coder" rights="read|write" pattern="PDF" />
  <policy domain="coder" rights="read|write" pattern="LABEL" />

You may also need to comment out the MGV line if you have it. I did not.

Step3:
Restart web server AND php-fpm. i.e. (on nginx/php7.2)
sudo service nginx restart
sudo systemctl restart php7.2-fpm

Referenced from: https://stackoverflow.com/a/52661288/6771855

Redis Queue
If using a redis queue, then the above advice does not work. Removing or commenting out the lines in step 2 will get it working, however I expect this is not the best action as you are disabling all security. Does anyone know what this should be set to in order for the conversions to be handled by a queue?

The other option is of course just to add ->nonQueued() to the media conversion but this may not be advisable for higher volume sites.

booni3 on 15 Oct 2018

👍13

All 4 comments

I have the same problem, any tips?

it is simply creating automatically / storage / medialibrary / temp

'media' => [ 'driver' => 'local', 'root' => public_path('uploads'), ],

joaomarcusjesus on 14 Oct 2018

I have the same problem, any tips?

it is simply creating automatically / storage / medialibrary / temp

'media' => [ 'driver' => 'local', 'root' => public_path('uploads'), ],

This actually does not have anything to do with this error as far as I am aware. This is the public directory for the end files & not where the image conversion happens.

Image conversion uses the temporary directory as set in set in medialibrary.php with 'temporary_directory_path' => null

When the package creates the temporary directory it should be making it with 777 permissions, as detailed in TemporaryDirectory.php

    if (! file_exists($directoryPath)) {
        mkdir($directoryPath, 0777, true);
    }

Our systems appear to be modifying this to 755 afterwards or maybe its not being created as 777 in the first place. I have another server setup using this package and on this one the directories are created as 775.

Can anyone provide any ideas to where this permission change may be happening?

booni3 on 15 Oct 2018

It seems this error started happening for a lot of people last week. No real reason why though. To partially fix...

Step 1:
sudo nano /etc/ImageMagick-6/policy.xml

Step2:
Add/edit the following lines

  <policy domain="coder" rights="read|write" pattern="PDF" />
  <policy domain="coder" rights="read|write" pattern="LABEL" />

You may also need to comment out the MGV line if you have it. I did not.

Step3:
Restart web server AND php-fpm. i.e. (on nginx/php7.2)
sudo service nginx restart
sudo systemctl restart php7.2-fpm

Referenced from: https://stackoverflow.com/a/52661288/6771855

The other option is of course just to add ->nonQueued() to the media conversion but this may not be advisable for higher volume sites.

booni3 on 15 Oct 2018

👍13

Are others still having this problem? Clicking through the link provided by @booni3 suggests that it is a security risk to change those lines in the ImageMagick policy:

Note: this solution and any other "edit the policy.xml" solution disables safety measures against arbitrary code execution vulnerabilities in ImageMagick. If you need to process input that you do not control 100%, you should use a different program (not ImageMagick).

I am not sure what I should do. Any advice from anyone else? I assume everyone would face this issue?