Export file Session Data not saved in PHP 7.1+

Bug #1757330 reported by Kevin Dibble on 2018-03-21
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Status tracked in 18.10
17.04
High
Unassigned
17.10
High
Unassigned
18.04
High
Robert Lyon
18.10
High
Robert Lyon

Bug Description

Mahara 17.10.3 (alo occurs on Mahara 17.10.0)
Operating system: Ubuntu, apache2, PHP 7.1.8 (also occurs on PHP 7.1.15 and PHP 7.1.3)
Database; MySQL
Browser: Chrome.

Exporting files in Mahara
/export/index.php

Export Either LEAP file or Standalone HTML
click Generate Export
in the iframe - the /export/download.php redirects back to the export/index.php file and nothing is downloaded - the progress iframe now shows the /export/index.php page.

Possible Cause:
Download.php (export/download.php) as this located at the bottom of the page (~ line 106)
$SESSION->set('exportfile', $exporter->get('exportdir') . $zipfile);

At the top of the page it checks to see if this session data exists - and if so - to force the download of the file.
line 17:
if ($exportfile = $SESSION->get('exportfile')) {
    $SESSION->set('exportdata', '');
    $SESSION->set('exportfile', '');
    require_once('file.php');
    serve_file($exportfile, basename($exportfile), 'application/x-zip', array('lifetime' => 0, 'forcedownload' => true));
    exit;
}

In PHP 7.1.3 and higher - the $SESSION->get('exportfile') is empty when the JS redirect calls this page (from the print_export_footer function) and the session data set at the bottom of the page is not present when the page is being loaded to get the file. (loading the /export/index.php again will empty the exportfile data).

The export works as expected in PHP 7, but fails in PHP 7.1+.

Is Mahara 7.1+ ready?

Robert Lyon (robertl-9) wrote :

There seems to be some strangeness about keeping the session when redirecting from the iframe in PHP 7.1

I've added a patch where we just pass part of the filepath info to the print_export_footer() function (strip all up to the user's id number)

https://reviews.mahara.org/#/c/8712/1

And check on return if the logged in user can access the file based on their user id

Changed in mahara:
importance: Undecided → High

Reviewed: https://reviews.mahara.org/8712
Committed: https://git.mahara.org/mahara/mahara/commit/ba36e509d2958380f1957b97274391ef6b90f6c4
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit ba36e509d2958380f1957b97274391ef6b90f6c4
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

This change just passes only the file name to the js redirect and then
rebuilds the full path on return. Because we use the user's id in full
path we can make sure only the valid logged in user can fetch the file

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Patch for "17.10_STABLE" branch: https://reviews.mahara.org/8731

Mahara Bot (dev-mahara) wrote :

Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8732

Reviewed: https://reviews.mahara.org/8730
Committed: https://git.mahara.org/mahara/mahara/commit/ddce7e888f825a5c58ad4a3834cf0eb4c5ef025b
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit ddce7e888f825a5c58ad4a3834cf0eb4c5ef025b
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

This change just passes only the file name to the js redirect and then
rebuilds the full path on return. Because we use the user's id in full
path we can make sure only the valid logged in user can fetch the file

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ba36e509d2958380f1957b97274391ef6b90f6c4)

Won't fix in 17.04 as it does not support PHP 7.1.

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8731
Committed: https://git.mahara.org/mahara/mahara/commit/9f1f94ff48e7bb0dae798e7332951d862308b4a2
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 17.10_STABLE

commit 9f1f94ff48e7bb0dae798e7332951d862308b4a2
Author: Robert Lyon <email address hidden>
Date: Mon Mar 26 09:49:17 2018 +1300

Bug 1757330: PHP 7.1 is not keeping the session when exporting

We do a bunch of iframe / js tricks to get the progress bar to work
and then rely on session for the file name to serve it at the end

This change just passes only the file name to the js redirect and then
rebuilds the full path on return. Because we use the user's id in full
path we can make sure only the valid logged in user can fetch the file

behatnotneeded

Change-Id: I6478df19465ad8e1075343cb40e6f5360061b56a
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ba36e509d2958380f1957b97274391ef6b90f6c4)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers