First, the versions:
CCK--6.x.2.2
Imagefield--6.x.3.0-rc1
permissions--755 on both
download--tried both public and private
imagefield config--800x600

I am new to drupal, so if I'm missing something obvious, please bear with me. I was building a site locally using MAMP, with no problems. Got the site done, and went to upload/replicate everything on the remote server. Everything went fine with the exception of one page (isn't that always the way it goes?)

On the page in question, I am using CCK, ImageField, ImageCache, ImageUI, Lightbox2, and Views2 modules. On my initial setup, I installed them all, configured settings and permissions, created content types and image presets, then created the view/lightbox settings to display it all. Fired it up--FAIL. No images displayed at all--thumbnails or full size (although the presets and lightbox work, there is no image displayed, just the broken link icon.) So I look through the drupal.com forums and start peeling layers off--all the way down to just CCK and ImageField. Still fail--no image.

Some suggested answers said that clean urls are the answer, so after several hours fiddling with .htaccess, I got the settings right to configure clean urls, but still no luck. Others said that the problem had to do with whether file downloads are set to "public" or "private"--I've tried both, still nothing.

In all the documentation for ImageField, it says that the images should upload to "sites/default/files," (so my link should be sites/default/files/snapshots.jpg) which they do. However, when I look at the broken image link w/ Firebug, it says that the image is "sites/default/files/snapshots.jpg?1239303423." I have tried changing the title of the image to incorporate the "?1239303423", which also doesn't work, nor does attempting to directly browse to "default/files/snapshots.jpg" or "/node/13" (which this happens to be).

I'm stuck, and I can't find anything else in the forums that suggests an alternative. All the modules have been updated, I've run update.php and cron, and I can't think of any reason why ImageField would be looking for these images in some other place or form than how it should be.

Any ideas what I'm missing/doing wrong?

Comments

quicksketch’s picture

I'm not quite clear on where the whole process is failing. Could you go down this list and tell me which ones fail?

1. Visit node/add/[whatever] and upload an image.
2. Thumbnail shows up next to the uploaded image on the node edit form.
3. Check that the file physically exists at sites/default/files/[name of file.ext] on the server
4. When viewing the node the image is displayed with the correct src at http://example.com/sites/default/files/[name of file.ext]?123456790
5. The file is visible when you visit it through the browser at http://example.com/sites/default/files/[name of file.ext]

From your description above, it sounds like you're saying that #3 and #4 pass, but #5 does not (in which case I'd be stumped). But I'm not sure I understood correctly.

The ?1234567890 is just a timestamp that is added to the URL to keep the browser from caching the image if a new image is uploaded and shouldn't affect the normal path to the image.

ericankenman’s picture

1-3 pass, 4 and 5 do not. The image will show up as a thumbnail (sometimes) on the node edit form, but never shows up when the node is viewed or when you browse directly to it.

quicksketch’s picture

I'm not sure how the file could be successfully uploaded (#3), but you're not able to view it through the browser (#5). Are you sure you're looking at the right URL? Do you have any special .htaccess files in your files directory? It's possible that it would be preventing the files from being accessed (or settings by your web host might cause similar problems).

Have you tried using the core upload.module, just to see if you can view the files uploaded through it?

ericankenman’s picture

Just tried uploading something as a regular attachment--when I tried to save or preview the node, it said error 500-server error.

If this is an .htaccess problem, what would I be looking for in the file? I don't know enough to know what is out of place and what isn't.

Thanks for the help, by the way--it is greatly appreciated.

quicksketch’s picture

Hmm, .htaccess files are definitely seeming to be the culprit here now, or server configuration.

First I'd recommend replacing your .htaccess file in the root of your Drupal installation with a fresh copy from core:
http://cvs.drupal.org/viewvc.py/drupal/drupal/.htaccess?revision=1.90.2....

Make sure you don't have any customizations that you want to keep in that file.

Next, look for .htaccess files in your sites/default/files directory. Drupal adds one for you automatically as a security measure. Feel free to make a copy of it (sites/default/files/.htaccess), then delete it off the server. It'll be recreated for you automatically. If there are any other .htaccess files that you can find, try removing them (make copies first).

If there aren't .htaccess files anywhere else, it's likely server configuration and you should check with your hosting company.

ericankenman’s picture

Okay, I tried the clean .htaccess file, and that simply gave me an error 500 for the whole site. By process of elimination, I discovered that this occurs unless I have the line "Options +FollowSymLinks" commented out. I think this is due to the fact that I had to comment this out in order to enable clean urls, but I could be wrong.

What are my options at this point? I am a design guy here, and am definitely out of my league on the coding end of things--I'm trying to learn, but I'm definitely not there yet (one of the reasons that drupal appealed to me!)

quicksketch’s picture

> I discovered that this occurs unless I have the line "Options +FollowSymLinks" commented out.

Oh interesting! I've never heard of this problem before (it gives me serious worries about your host), but it offers up a valuable starting point. The .htaccess file automatically created by Drupal in your files directory also contains this line. If it's causing 500 errors on the normal site, it's probably also causing the same error in the files directory.

Open up the sites/default/files/.htaccess file, and comment out the FollowSymLinks line. Deleting the file won't work since Drupal will automatically recreate the file (like I said above).

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
#Options +FollowSymLinks

ericankenman’s picture

Okay, that gives me a 403--access forbidden--error trying to browse to the file (it's still just a normal attachment on upload.module). I've checked the permissions on drupal's side as well as the server permissions, both are correctly set.

What do I do now? (At least this is a different problem!)

quicksketch’s picture

Hmm, how curious. :-)

I really don't know what's going on with your server. I've never seen either of these problems. For the time being, you could try commenting out all three lines from the sites/default/files/.htaccess file. However, this opens your site up to some security holes to clever hackers if you allow any outside users to upload files (read: super dangerous). If possible, I'd suggest finding a new web host at the soonest opportunity (I love my host a2hosting).

ericankenman’s picture

That worked...I can now see the image. For the sake of my own education, what did I just comment out that allowed that to work?

Also, this is a personal portfolio site, and I'm the only one with access--is it still a security risk?

Thanks again for all your help, I really do appreciate it!

quicksketch’s picture

The security release was this one here: http://drupal.org/node/65409

Basically what this exploit allowed was you could upload a file like script.php.psd. Since Apache doesn't know how to handle .psd files, it would fall back to .php. Meaning if you allowed the upload of PSD files, a user could upload a PHP script to the site, execute it, and wreak havoc. The .htaccess file prevents PHP (or any other scripts) from running within the files directory.

However if you're not allowing any other users to upload files you're at no risk. Drupal also puts in place other preventions to keep this exact example from occurring (it renames any files with double-extensions, and specifically prevents some extensions like php, cgi, asp, etc). Commenting out these lines is definitely not something I'd recommend on a site of any scale.
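
A check for the situation discussed above, as an added example that is not part of the thread or of Drupal's own code: it reports whether the three directives quoted in the thread are still active in a files-directory .htaccess, and flags upload names carrying an embedded script extension such as script.php.psd. The function names, the sample data and the extension list beyond php, cgi and asp are assumptions.

```python
# Added example: audit a Drupal 6 files-directory .htaccess and upload names.
# The three directives are the ones quoted in this thread.
HANDLER = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006"
EXPECTED = (HANDLER, "Options None", "Options +FollowSymLinks")

# php, cgi and asp are named in the thread; the rest are assumptions.
SCRIPT_EXTS = {"php", "cgi", "asp", "phtml", "pl", "py"}


def audit_htaccess(text):
    """Map each expected directive to 'active', 'commented' or 'missing'."""
    state = {d: "missing" for d in EXPECTED}
    for raw in text.splitlines():
        line = raw.strip()
        body = " ".join(line.lstrip("#").split())
        if body in state and state[body] != "active":
            state[body] = "commented" if line.startswith("#") else "active"
    return state


def script_handler_blocked(state):
    """True while the SetHandler override is still in force."""
    return state[HANDLER] == "active"


def risky_names(filenames):
    """Names with a script extension anywhere after the first dot."""
    flagged = []
    for name in filenames:
        if any(p in SCRIPT_EXTS for p in name.lower().split(".")[1:]):
            flagged.append(name)
    return flagged


# Constructed samples: the three .htaccess states described in the thread.
ORIGINAL = HANDLER + "\nOptions None\nOptions +FollowSymLinks\n"
OPTIONS_OFF = HANDLER + "\n#Options None\n#Options +FollowSymLinks\n"
ALL_OFF = "#" + HANDLER + "\n#Options None\n#Options +FollowSymLinks\n"
# Constructed upload listing; the underscore form stands in for a renamed file.
UPLOADS = ["snapshots.jpg", "script.php.psd", "script.php_.psd", ".htaccess"]

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("options off", OPTIONS_OFF),
                        ("all off", ALL_OFF)):
        state = audit_htaccess(text)
        print(label, "blocked" if script_handler_blocked(state) else "EXPOSED", state)
    print("review:", risky_names(UPLOADS))
```

Run against the real file by passing its contents to audit_htaccess and a directory listing to risky_names.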

quicksketch’s picture

Title: images do not display » Server 500 Error prevents images from displaying
Status: Active » Fixed

Renaming issue for posterity. Please open a new issue for any other questions. Glad we could get it working. :-)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nostromo-1’s picture

Hi

Got the exact same problem with exactly the same solution.

Changed 'sites/default/files/.htaccess' from

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks

to

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
#Options None
#Options +FollowSymLinks

and now it works. I don't know if it makes any difference but the host has "safe mode" on.

By the way I had to change $Config['UserFilesPath'] in 'sites/all/modules/fckeditor/fckeditor/editor/filemanager/connectors/php/config.php' from '' to '/sites/default/files/userfiles/' in order to see the files in FCKEditor. This applied even for files I had uploaded with FTP.

ron_sparks’s picture

Thanks so much, this thread helped a lot.
I changed my files .htaccess file (as noted by nostromo) to

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
#Options None
#Options +FollowSymLinks

now images show up. I was getting a 403 error.

also for the record, I am hosting with media temple on the grid server.

mediaformat’s picture

Same Error

The .htaccess in 'site/default/files/'
contains:

<Directory /home/path/to/site>
   RewriteEngine on
   RewriteBase /
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</Directory>

what should I add or remove, to fix it?
Would the site be secure if I just deleted it?

Update...
Apparently the above .htaccess file is the one that goes in 'site/default'.

I re-added the original distribution .htaccess to 'site/default/files', and the result is success!

albannach’s picture

I had exactly the same problem - no images at all!

Discovered the same solution - the .htaccess file in sites/default/files.

Had to comment out in the same way:

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
#Options None
#Options +FollowSymLinks

Full saga:

http://drupal.org/node/1121774

richardaclarke’s picture

I had the same problem, and an earlier problem with the main .htaccess in the root folder. Commenting out the 'Options' lines resolved.

The reason this threw an error was my host's Apache config: AllowOverride Options is not enabled on their Apache configuration.

I don't know what impact it has to remove Options +FollowSymLinks. Is this just Drupal being safe, in case that's not enabled in the main Apache config?

My host is fasthosts, btw.

thmohd’s picture

Be sure you have the following modules installed on your server:

- php5-gd ( sudo apt-get install php5-gd )
- php5-imagick ( sudo apt-get install php5-imagick )