Mahara

Export file Session Data not saved in PHP 7.1+

Bug #1757330 reported by Kevin Dibble on 2018-03-21

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Robert Lyon	Mahara 18.04.0
17.04	Won't Fix	High	Unassigned
17.10	Fix Released	High	Unassigned	Mahara 17.10.4
18.04	Fix Released	High	Robert Lyon	Mahara 18.04.0
18.10	Fix Released	High	Robert Lyon	Mahara 18.10.0

Bug Description

Mahara 17.10.3 (alo occurs on Mahara 17.10.0)
Operating system: Ubuntu, apache2, PHP 7.1.8 (also occurs on PHP 7.1.15 and PHP 7.1.3)
Database; MySQL
Browser: Chrome.

Exporting files in Mahara
/export/index.php

Export Either LEAP file or Standalone HTML
click Generate Export
in the iframe - the /export/download.php redirects back to the export/index.php file and nothing is downloaded - the progress iframe now shows the /export/index.php page.

Possible Cause:
Download.php (export/download.php) as this located at the bottom of the page (~ line 106)
$SESSION->set('exportfile', $exporter->get('exportdir') . $zipfile);

At the top of the page it checks to see if this session data exists - and if so - to force the download of the file.
line 17:
if ($exportfile = $SESSION->get('exportfile')) {
    $SESSION->set('exportdata', '');
    $SESSION->set('exportfile', '');
    require_once('file.php');
    serve_file($exportfile, basename($exportfile), 'application/x-zip', array('lifetime' => 0, 'forcedownload' => true));
    exit;
}

In PHP 7.1.3 and higher - the $SESSION->get('exportfile') is empty when the JS redirect calls this page (from the print_export_footer function) and the session data set at the bottom of the page is not present when the page is being loaded to get the file. (loading the /export/index.php again will empty the exportfile data).

The export works as expected in PHP 7, but fails in PHP 7.1+.

Is Mahara 7.1+ ready?

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-25: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8712

Revision history for this message

Robert Lyon (robertl-9) wrote on 2018-03-25:

There seems to be some strangeness about keeping the session when redirecting from the iframe in PHP 7.1

I've added a patch where we just pass part of the filepath info to the print_export_footer() function (strip all up to the user's id number)

https://reviews.mahara.org/#/c/8712/1

And check on return if the logged in user can access the file based on their user id

Changed in mahara:
importance:	Undecided → High

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27: A change has been merged

Reviewed: https://reviews.mahara.org/8712
Committed: https://git.mahara.org/mahara/mahara/commit/ba36e509d2958380f1957b97274391ef6b90f6c4
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit ba36e509d2958380f1957b97274391ef6b90f6c4
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

This change just passes only the file name to the js redirect and then
rebuilds the full path on return. Because we use the user's id in full
path we can make sure only the valid logged in user can fetch the file

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27: A patch has been submitted for review

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8730

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27:

Patch for "17.10_STABLE" branch: https://reviews.mahara.org/8731

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27:

Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8732

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27: A change has been merged

Reviewed: https://reviews.mahara.org/8730
Committed: https://git.mahara.org/mahara/mahara/commit/ddce7e888f825a5c58ad4a3834cf0eb4c5ef025b
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit ddce7e888f825a5c58ad4a3834cf0eb4c5ef025b
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ba36e509d2958380f1957b97274391ef6b90f6c4)

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2018-03-27:

Won't fix in 17.04 as it does not support PHP 7.1.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-27:

Reviewed: https://reviews.mahara.org/8731
Committed: https://git.mahara.org/mahara/mahara/commit/9f1f94ff48e7bb0dae798e7332951d862308b4a2
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 17.10_STABLE

commit 9f1f94ff48e7bb0dae798e7332951d862308b4a2
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ba36e509d2958380f1957b97274391ef6b90f6c4)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.