New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ZIP is still not supported #155
Comments
zip is supported by the phar extension in general. https://github.com/phpMussel/phpMussel/blob/master/vault/functions.php#L1309-L1334 |
Quick question; If you try executing this on your server: <?php var_dump(extension_loaded('phar')); ?> Do you get If the test file can be scanned correctly normally, but not when zipped, it could be some issue with the PHAR extension maybe. |
@Maikuolan I get |
same issue here. zip is not scanned it seems and it passes just fine with the graphics_standard_testfile.gif :-/ |
Which release of phpMussel do you use? |
Because #152 was about this issue and it is resolved in master but not published as release. |
I use latest files directly from github. |
Any |
Nothing in error logs. Renaming file doesn't change behaviour. |
@Maikuolan @DanielRuf is my zip file posted above blocked on your end? |
On my end, it blocks successfully. Also compared the zipped GIF against my own copy, in case something somehow became corrupted during transfer at some point, but the two copies were exactly the same, so nothing there either. |
Is there any config value I need to set before zip files are checked? |
There is this in the config: ; Attempt to check the contents of archives? False = Don't check; True = Check
; [Default]. Currently, the only archive and compression formats supported are
; BZ/BZIP2, GZ/GZIP, LZF, PHAR, TAR and ZIP (archive and compression formats
; RAR, CAB, 7z and etcetera not currently supported). This is not foolproof!
; While I highly recommend keeping this turned on, I can't guarantee it'll
; always find everything. Also be aware that archive checking currently is not
; recursive for PHARs or ZIPs.
check_archives=true So, I'm actually working on adding some better way of analysing the cache to the front-end at the moment; Hoping we might be able to use it to see exactly what's going on there once and for all. Should have it ready to be committed within a few hours. |
Okay; New feature added just now. After updating to the latest commit ( For example, on my end, I see this: Also, what is the current value you have assigned for Due to the way the code is written currently: /**
* Begin archive phase.
* Note: Archive phase will only occur when "check_archives" is enabled and
* when no problems were detected with the file/object being scanned by
* this stage of the scan.
*/
if (
$phpMussel['Config']['files']['check_archives'] &&
!empty($in) &&
$phpMussel['Config']['files']['max_recursion'] > 1
) { ..the archive phase of the scan process mightn't execute properly if (As a side-note.. Something that I might need to either modify to document better at some point, I think; Not sure whether it'll make sense to everyone in its current form). |
Hm, interesting. Values look good; Cache data there looks good too. Still looking into it but haven't thought of any other possible leads yet. Will reply again when I think of something. |
@Maikuolan I investigated a bit and this is what I found: |
Hm, I think you're onto something there. When I attempt to scan the ZIP locally, for me, the condition is As for why the condition evaluates differently between your installation and mine, offhandedly, I'm not entirely sure, but maybe there's a readability issue with the file (i.e., the Not using an outdated version of the Phar extension, per chance..? If you are, I could have a dig through the Phar extension changelogs, to see whether there's been some bug fixed in the past which could explain the problem we're experiencing here. Otherwise though, if your Phar extension is up-to-date, I doubt that'd be the problem here, seeing as I'm not seeing the problem replicated on my end at the moment. |
|
In regards to http://php.net/manual/en/wrappers.phar.php Only information relating to Phar that I can immediately see in the latest [Phar]
; http://php.net/phar.readonly
phar.readonly = Off
; http://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list = Still.. It's a possible lead. Will do some more digging. |
@Maikuolan got it!!! Since uploaded file didn't have rename($f, $f . '.zip');
$f = $f . '.zip'; scan successfully blocked the file: Though I had to comment out file manipulation check... |
Oh wow. o.0 Glad to hear you've figured out what's causing the problem! Still.. Bizarre. Renaming the ZIP file locally, I've found that, when I give it a non-ZIP extension (but still having some extension), it seems to still scan correctly, but when I remove the extension completely, I'm able to replicate the problem (scan reports "No problems found."). |
Good to hear you can replicate the problem finally! Still, the only solution as I think of it now seems to be give each archive it's extension back before scanning... |
This is not possible in most cases as you would have to detect the archive format based on the magic bytes of the file header. Doesn't the phar extension support reading files even if they have no extension? |
Contemplating whether I should report this as a bug to the PHP bug tracker. Kind of feels like something that someone should've already reported by now at this point in time, as I'm sure there's no way we could've possibly been the first people to ever try to use the Phar extension with extensionless archives, but I've been digging through the bug tracker and changelogs a bit more carefully and haven't found anything yet that mentions issues with file extensions and Phar (though I could just be missing it; lot of stuff in the changelogs and bug tracker). |
PS, if anyone else wanted to give it a whirl:
I haven't yet found anything useful there for this issue though. |
Wanting to check whether it's an issue specifically with With the extension:
Produces this (i.e., seems okay):
Without the extension:
Produces this:
|
Problem seems specific to Phar. Using PHP's own zip_open function seems to work okay:
Produces this (expected):
Per the docs:
So, worst case scenario, I could always revert back to using zip_open in the codebase. However, zip_open will only work for ZIP files (i.e., it won't be able to open TAR or PHAR files correctly), meaning this problem with opening extensionless archives would persist for non-ZIP archives using the Phar extension. Definitely seems like a bug in Phar to me at this point. :-/ |
Found something that at least deals with the same error message:
@DanielRuf as @Maikuolan states every other archive except for zip works fine. So why don't we attach zip extension only when we detect @Maikuolan can you open a new issue in PHP bug tracker? I hope there is someone who can quickly reproduce the problem and be skilled enough to fix it as well... |
Or maybe only try to use |
True, and good point.
Sounds like the best next course of action, I think. Will do so and include a link to the relevant bug tracker page here for referencing. |
Also I think a unit test that checks for this anomaly should be created. I assume you use Windows for development, but many servers are using linux/unix OS that probably generates the same temp filenames as my PC, so it's highly probable that archives are ignored for most users and that's why no one complains about it. Travis uses linux, so unit test would fail. |
Reported: https://bugs.php.net/bug.php?id=76061 |
No responses on their end yet. Hopefully they'll respond soon, but we'll see. There seems to be 37 open issues (i.e., not closed, verified, or resolved) in their bug tracker at the moment that specifically relate to the Phar extension. Some of those are identified as being related to EoL PHP branches (not sure why they've kept those issues open, seeing as EoL would imply that those related bugs will never be fixed), but the majority (20 of them) are either identified as being related to non-EoL branches ( |
Hi @Maikuolan any chance you would be so kind to add the fix suggested by @senky while we wait for the PHP fix? (we could be potentially waiting forever for their FIX :-/ )
|
I'll take a look at this again in the morning and see what I can do. :-) |
Fantastic! you are very kind. Thanks so much in advance! |
Changelog excerpt: - [2018.03.25; Partial bug-fix; Maikuolan]: Coded a workaround to partially address the dotless phar file bug, allowing users to scan dotless ZIP files (#155).
I've coded and committed a quick workaround just now that should hopefully address this problem (for ZIP files at least), until something more permanent can be done about the problem. I won't close this issue yet regardless, because I think the root of the problem (i.e., the bug as per reported to the PHP bug tracker) really needs to be fixed before I call this issue "closed", but that aside.. When you get a chance to update and test out the workaround, let me know how it goes, whether there are any problems and so on. :-) |
kelunik posted a not identical, but very similar issue towards the end of March (#76128), just a few weeks after I posted our issue on the bug tracker. Fast-forward to today.. it's mid-August, and still nobody has replied to the original issue which I'd posted earlier, but cmb has replied to the issue posted by kelunik, and in the absence of any reply to the issue which I posted, the reply which cmb gave to kelunik would probably suffice, given the similarity of the issues. The reply:
..which sounds awfully close to that old "it's not a bug, it's a feature" response, IMO (which I find a little disappointing personally, but considering I don't really have enough time to actively contribute any pull requests or code changes to the phar extension myself after setting aside time for the projects I'm already involved with, I'm not in much of a position to argue with them over that). So.. I'll probably mark this as a "Won't Fix", I guess. (Even though we actually do now already have a viable workaround for ourselves, to solve the problem insofar as phpMussel is concerned.. But seeing as the source of the bug lies with the phar extension, and the current response, plus lack thereof, implies that they don't have any immediate plans to fix it in the near future, I think, not much point keeping this issue here open anymore). The silver lining: One less issue to track at this repository here. |
I have to say this is disappointing... Especially for people who wait for fixes/updates and have no knowledge on how to do it themselves... Also considering the fact this is supposed to work just fine on shared hosting for example. In fact it does not as you cannot control your server and install what you need or mess around with libraries. |
(On a side-note.. I've been reading about some other, different but similarly problematic concerns that others have encountered with the phar wrapper elsewhere recently, and I've been considering that I might ditch using phar entirely in favour of something else at some point in the future, once I can figure out the best way to approach this.. though it'll likely require a complete rewrite and overhaul of how phpMussel approaches archives, and may involve possibly bumping phpMussel's major version, i.e., from v1.x.x to v2.x.x. Will post more details about this later though, in a separate issue). |
Guys, issue #2 desc says zip is already supported, but try this:
graphics_standard_testfile.gif
from_testfiles
phpmussel_graphics.db
andphpmussel_graphics_regex.db
active and up-to-dategraphics_standard_testfile.gif.zip
The text was updated successfully, but these errors were encountered: