View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
14069Bug reportsComfortUpdatepublic2018-11-23 14:30
Reporterjelo Assigned ToLouisGac 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Summary14069: ComfortUpdate update usage is counted on failed updates.
Description

BTW: Mantis: Latest product version available is still on 3.13.X

When the update routine breaks (e.g. php.ini limits prevents backup of database), the updater already decreased the counter.

Not sure, if the issue with php.ini limits during the backup routine can be caught before. Checking the size of the database dump before packing it might be possible.

TagsNo tags attached.
Attached Files
20180917.UpdateZIPMaxLimits.PNG (21,437 bytes)   
20180917.UpdateZIPMaxLimits.PNG (21,437 bytes)   
Bug heat4
Complete LimeSurvey version number (& build)3.14.9+180917
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMySQL
Server OS (if known)CentOS 7
Webserver software & version (if known)Apache 2.4.X
PHP Version7.2.X

Users monitoring this issue

There are no users monitoring this issue.

Activities

LouisGac

LouisGac

2018-09-18 10:17

developer   ~49070

yeah, that's the new anti "zip bomb file" behaviors...

jelo

jelo

2018-09-18 17:25

partner   ~49074

My settings on this testinstallation where very low 8MB.

On which level is the "ZIP bomb check" implemented (PHP 7.2, Yii or LimeSurvey/ComfortUpdate)?
PHP 7.2. will have some impact on other things (e.g. Token generation via Yii routines will fail more often on Windows (mcrypt removed from PHP and OpenSSL often not installed on Windows).
Is ComfortUpdater currently able to check and show warnings depending on the PHP version and OS ?

LouisGac

LouisGac

2018-09-18 17:44

developer   ~49075

yes comfortupdate test PHP version

about the zip bomb prevention:
https://github.com/LimeSurvey/LimeSurvey/blob/master/application/helpers/common_helper.php#L5033-L5071

and:

https://github.com/LimeSurvey/LimeSurvey/blob/master/application/helpers/common_helper.php#L4860

I could add an option setting in config.php to set a specific max size for the zip files

Issue History

Date Modified Username Field Change
2018-09-18 09:38 jelo New Issue
2018-09-18 09:38 jelo Status new => assigned
2018-09-18 09:38 jelo Assigned To => LouisGac
2018-09-18 09:38 jelo File Added: 20180917.UpdateZIPMaxLimits.PNG
2018-09-18 10:17 LouisGac Note Added: 49070
2018-09-18 17:25 jelo Note Added: 49074
2018-09-18 17:44 LouisGac Note Added: 49075
2018-11-23 14:30 jelo Status assigned => closed
2018-11-23 14:30 jelo Resolution open => fixed