-
-
Notifications
You must be signed in to change notification settings - Fork 214
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot download msi file from download manager #4478
Comments
Please check your Apache error log for more details (your hosting provider can help you with this). The error log provides more information. I suspect it's a server configuration security measure. |
I'll try to get it. Downloading worked fine in the original version so I'm curious ;-) I will install the backup on another location to verify as well. |
Hi,
The problem is here:
That file was changed from normal PHP to class and moved to plugin, but there is but adding $this-> didn't help The only fix was moving that function outside the download_request class. |
This will be only a bug using php 8 (tested on local ) : (in addition to problem issue Jimmy08 mentioned, not at that point arrived) Fatal error: Uncaught TypeError: count(): Argument #1 ($var) must be of type Countable|array, null given in R:\Xampp-803\htdocs\newest\e107_plugins\download\includes\admin.php:1821 Stack trace: #0 R:\Xampp-803\htdocs\newest\e107_plugins\download\includes\admin.php(418): download_main_admin_ui->submit_download() #1 R:\Xampp-803\htdocs\newest\e107_plugins\download\includes\admin.php(450): download_main_admin_ui->observe() #2 R:\Xampp-803\htdocs\newest\e107_handlers\admin_ui.php(1474): download_main_admin_ui->init() #3 R:\Xampp-803\htdocs\newest\e107_handlers\admin_ui.php(1447): e_admin_dispatcher->_initController() #4 R:\Xampp-803\htdocs\newest\e107_handlers\admin_ui.php(1333): e_admin_dispatcher->getController() #5 R:\Xampp-803\htdocs\newest\e107_handlers\admin_ui.php(1105): e_admin_dispatcher->runObservers() #6 R:\Xampp-803\htdocs\newest\e107_plugins\download\admin_download.php(244): e_admin_dispatcher->__construct() #7 {main} thrown in R:\Xampp-803\htdocs\newest\e107_plugins\download\includes\admin.php on line 1821 SInce MSI files contain some data code on front (which might be checked by/through server etc.. use FTP uload to import folder (filetypes adjusted and keep an eye out on 'naming' (space - and _ etc..).. This happens on a live php 7.4.10 site: edit : need to mention : not all hosters/servers accept the handling of executable files...(than store and provide in compressed form (zip/rar). |
Alright, so it looks like it is a bug. Can you please check the Apache error log still? I am curious to see what it says. Or is that error that @Jimmi08 posted from the error log? |
I suppose so, but I did ask the provider to give access to the logfiles. As it is Easter, I'm afraid that it might be problematic, because I cannot reproduce as Jimako fixed it. But we'll see. |
@Moc there are 2 issues... his original problem was due to that fatal error but you don't see it on the live server, so I tested it with his download table on localhost. That workaround helped. |
Just adding imo : as i understand, the mimetype is in file class ; but is not in allowed types (eg for upload). Being an executable file it seems correct to me (sec. reason> local file upload vulnerability). |
mmm, yes and no. I have a msi on my website for download to allow customers to download and install. The download is verified by Microsoft and Google, is digitally signed, and has all the marks for being a legit application.
Point is, that I could not find a way of configuring the system so that it worked as expected. For advanced hackers, it is not that difficult to hide their stuff in 'legal' files. Perhaps off-topic, but still. |
I understand, and partial agree; can (would like to ) say more, but it is posted as issue, adding more leads to discussion and distracts. ( i (pers.) leave it at that). |
@aducom Normally this last commit should fix the download part of the issue. Uploading issue still requires a fix. |
@aducom Would you mind retesting? |
I will.Op 14 apr. 2021 22:41 schreef Cameron ***@***.***>:
@aducom Would you mind retesting?
—You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.
|
@aducom you need to replace e107_plugin/download/request.php |
I did. But actually I'm not sure what the modification did. The original issue was that I could not download an msi as an external file. That was fixed by Jane. The other issue is that I could not upload the msi as an accepted file and I could not add it to the list of accepted files. That is also in the download where you can upload an existing file from your local machine. Well, downloading the msi as an external file works fine with this file, so nothing changed there. But I still can't upload an msi. |
Closing as presumed fixed. Please let us know if the issue still persists. |
Bug Description
I have upgraded my website to the latest github. On my website users can download an msi file that is declared as an external file in the download manager. If you try to download then you get a 500 error message.
I thought it had to do with accepted filetypes and tried to assign it as a local file by trying to upload the msi. You can't. I couldn't find a place where I could define that except for uploads.
I can download pdf's so I think it has to do with the file type.
How to Reproduce
Steps to reproduce the behavior:
Just create a download of an msi and try to download
Expected Behavior
that i can download the file
Screenshots
just 500 (internal server error)
Server Information
e107
Version 2.3.1 (git)
Security level
[5] Balanced
Site Theme
hestia
Admin Theme
Bootstrap 3 v1.0 by e107 Inc (2013-12-25)
Install date
Wednesday 11 December 2019 - 08:32
Server
Apache/2
(host: www.phspeed.com)
PHP Version
7.4.14
MySQL
5.5.31
Database: aduc0madm_phspx
PDO: Enabled
Mode: NO_ENGINE_SUBSTITUTION
Charset
utf-8
Server Time
Sunday 04 April 2021 - 17:55
The text was updated successfully, but these errors were encountered: