Passer au contenu
RunCloud blew up our PrestaShop server!?

RunCloud blew up our PrestaShop server!?


Using RunCloud to manage VPS servers has been working out pretty well, you gain an easy control panel to manage servers and web applications as well as a strong configuration by default. I've recently installed PrestaShop on a RunCloud managed VPS for the first time, previously I've alway used a traditional VPS without a nice fancy control panel.

I do like PrestaShop, I think it offers a decent e-commerce platform that is highly configurable to your needs. I also feel they're moving in the right direction migrating to a Symfony based framework. Creating PrestaShop backoffice modules and apps in the Symfony ecosystem is a breeze and very nice to work with in my opinion.

The main event

Anyway enough background... lets get to the specific problem at hand. Yesterday I went to export the list of categories from PrestaShop running on the RunCloud managed server. There were 5 categories, right off the bat I knew something wasn't right. It was taking way too long to export 5 categories. I was about to go check the logs on the server when BANG! RunCloud alert received... You're out of disk space! And sure enough yes there was 160Gb of error logs of the PrestaShop application.

So turns out the CSVResponse component in PrestaShop uses the function `tmpfile()` which will create and return a handler to a temporary file. Part of RunCloud's security is to disable a nice long list of PHP functions that they deem a security risk and yes tmpfile is within that list. So since the handler returned turns out to be null and PrestaShop tries to use it as a file handler without validating it is actually a file handler (CsvResponse:289), the application errors and since this lovely piece of code is within the exit condition of a while loop, it loops infinitely filling up your log file.

Lesson learned?

If you're using RunCloud, validate the functions listed in the disabled functions list are not actually used by your application. And if you're running PrestaShop on RunCloud, remove tmpfile() from the disabled functions list.

Catégories : Développement web PHP Conseils Leçons apprises Presta Shop