Invalid zip file with QUICK link. #15

Closed
two-pack opened this issue Feb 14, 2013 · 9 comments

@two-pack
Owner

commented Feb 14, 2013

This problem was reported at http://www.redmine.org/boards/3/topics/11986?r=35564#message-35564 .
The exported zip file with QUICK link is in fact an XLS file (I changed the file extension to check).

@ghost ghost assigned two-pack Feb 14, 2013

@cforce

commented Mar 12, 2013

The exported zip file extracts a file named "Workbook" without any extension and not readable. If I rename the file to Workbook.xlsx, Excel complains it doesn't know the format, and if I rename it to "Workbook.xls", Excel reports a major security problem and proposes not to open the file because of trojan security risk!!!!!

Please fix or remove that intruder code, if any.

@cforce

commented Mar 12, 2013

You have to rename the zip file to anything with an .xls extension or configure the extension in settings.
However, this behaviour is strange: whether or not the user configures the extension, the file ending shall be saved as *.xls if not part of the configured settings string.

@two-pack

Owner Author

commented Mar 12, 2013

Please report the following:

  • How to reproduce this problem.
  • Your environment with official board. (Including Excel version)
  • Image of the major security report from Excel. (Unfortunately, I do NOT have Excel...)

two-pack added a commit that referenced this issue Mar 12, 2013

@two-pack

Owner Author

commented Mar 12, 2013

Official board comment:
http://www.redmine.org/boards/3/topics/11986?r=35675#message-35675

Usually "(install rubyzip gem to access them)" on the settings view is shown only when rubyzip is NOT installed.
But on its first action when the server runs, this message was shown on admin settings.
This problem was fixed in the above commit.

But the invalid zip problem is not fixed yet.

@two-pack

Owner Author

commented Mar 13, 2013

I arrange this issue, researching from the official board.

@two-pack

Owner Author

commented Mar 20, 2013

I reproduced this issue with Redmine DMSF Plugin on BitNami Redmine for Windows.
I put the following logger into export_to_string() of xls_export_controller.rb.

logger.debug "defined?(Zip::ZipOutputStream::write_buffer): #{defined?(Zip::ZipOutputStream::write_buffer)}"

#{defined?(Zip::ZipOutputStream::write_buffer)} is "method", but it is null with Redmine DMSF Plugin.
This condition causes the issue because of the following statement in the method.

return issues_xls unless export_name[1] == 'zip' && defined?(Zip::ZipOutputStream::write_buffer)

I'll check where both plugins conflict.

@two-pack

Owner Author

commented Mar 21, 2013

A conflict between the 'zip' and 'rubyzip' libraries causes this problem.
Redmine DMSF Plugin needs the 'zip' library, so it added it in its Gemfile.
On the other hand, XLS Export Plugin needs 'rubyzip', but 'require' finds the 'zip' library. 'zip' does NOT have Zip::ZipOutputStream::write_buffer.

I could Quick export after the following:

  1. Uninstall the 'zip' library using the gem command.
  2. I rewrote 'zip' to 'rubyzip' in the Gemfile of Redmine DMSF Plugin.
  3. Re-run bundle install.
  4. Restart Redmine.

NOTE: I did NOT check whether Redmine DMSF Plugin works after the above.

@two-pack

Owner Author

commented Mar 21, 2013

Many zip libraries are on RubyGems.org now.
http://rubygems.org/search?utf8=%E2%9C%93&query=zip

'rubyzip' is the most downloaded and the most recently updated.
Therefore I'll request Redmine DMSF Plugin to change the 'zip' library to 'rubyzip'.

@two-pack

Owner Author

commented Mar 28, 2013

I sent a pull request to Redmine DMSF Plugin.
danmunn/redmine_dmsf#110

If you want to avoid this issue now, please try the following:

  1. Change "zip" to "rubyzip" in DMSF Plugin's Gemfile.
  2. Run bundle install again and uninstall the 'zip' gem, like:
    $ bundle install
    $ sudo gem uninstall zip
  3. Restart Redmine.
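
The silent fallback described in the Mar 20 and Mar 21 comments, as an added example that is not part of the thread or of the plugin's code: two stand-in modules model a library with and without write_buffer, and a magic-byte check refuses an export whose content does not match its extension. All module, method and constant names are hypothetical, and the sample bytes are constructed.

```ruby
# Added example; not code from the XLS Export plugin. RubyzipLike, ZipGemLike,
# export, sniff and checked_export are hypothetical names used for illustration.

ZIP_MAGIC  = "PK\x03\x04".b                        # local file header of a ZIP archive
OLE2_MAGIC = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1".b  # compound file header used by .xls

# Stand-in for a library that offers write_buffer, as rubyzip does in the thread.
module RubyzipLike
  class ZipOutputStream
    def self.write_buffer
      ZIP_MAGIC + "constructed-archive-body".b
    end
  end
end

# Stand-in for a library that defines the same class name but lacks write_buffer.
module ZipGemLike
  class ZipOutputStream; end
end

# Same shape as the guard quoted in the thread: when the method is missing,
# the raw XLS bytes are returned even though the caller asked for 'zip'.
def export(zip_lib, issues_xls, ext)
  return issues_xls unless ext == 'zip' && zip_lib::ZipOutputStream.respond_to?(:write_buffer)
  zip_lib::ZipOutputStream.write_buffer
end

# Identify the container format from its leading bytes, not from the file name.
def sniff(bytes)
  data = bytes.b
  return :zip  if data.start_with?(ZIP_MAGIC)
  return :ole2 if data.start_with?(OLE2_MAGIC)
  :unknown
end

# Fail closed: refuse to hand out a payload whose content does not match the
# extension it will be served under.
def checked_export(zip_lib, issues_xls, ext)
  payload  = export(zip_lib, issues_xls, ext)
  expected = { 'zip' => :zip, 'xls' => :ole2 }.fetch(ext)
  actual   = sniff(payload)
  raise ArgumentError, "export is #{actual}, but extension is .#{ext}" unless actual == expected
  payload
end

SAMPLE_XLS = OLE2_MAGIC + "constructed-workbook-body".b  # constructed sample bytes
```

With the library that lacks write_buffer, `export` hands back OLE2 bytes for a 'zip' request, which is the mislabeled download reported above; `checked_export` raises instead of serving it.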