0002064: filedownload seems to change file content - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0002064	mantisbt	bugtracker	public	2002-05-29 07:29	2004-12-11 03:02

Reporter	brody	Assigned To	thraxisp
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Platform	NTW12245	OS	Windows NT 4	OS Version	1381 SP 6
Product Version	0.17.3
Fixed in Version	0.19.2

Summary	0002064: filedownload seems to change file content
Description	a per bug uploaded file (file upload must be enabled and is send to DATABASE) is listed under the "attached files" with its original length and fileupload datetime. downloading such a file for view (or save to disk) adds 2 bytes ($0A$0A) add the beginning of the file. In case of a binary, the file becomes shorten by these two bytes at the end. A text type file becomes these two bytes extended
Steps To Reproduce	1) set (fileupload enabled, uploadmethod = database) 2) do a fileupload 3) get the file back (from mantis) for view 4) compare the original file and the downloaded file
Tags	No tags attached.
Attached Files	file_download.p_h_p (3,046 bytes) <?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: file_download.php,v 1.30 2004/10/15 18:49:31 thraxisp Exp $ # -------------------------------------------------------- ?> <?php # Add file and redirect to the referring page ?> <?php require_once( 'core.php' ); $t_core_path = config_get( 'core_path' ); require_once( $t_core_path.'file_api.php' ); ?> <?php auth_ensure_user_authenticated() ?> <?php $f_file_id = gpc_get_int( 'file_id' ); $f_type = gpc_get_string( 'type' ); $c_file_id = (integer)$f_file_id; # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ( $f_type ) { case 'bug': $t_bug_file_table = config_get( 'mantis_bug_file_table' ); $query = "SELECT * FROM $t_bug_file_table WHERE id='$c_file_id'"; break; case 'doc': $t_project_file_table = config_get( 'mantis_project_file_table' ); $query = "SELECT * FROM $t_project_file_table WHERE id='$c_file_id'"; break; default: access_denied(); } $result = db_query( $query ); $row = db_fetch_array( $result ); extract( $row, EXTR_PREFIX_ALL, 'v' ); # Check access rights switch ( $f_type ) { case 'bug': if ( !file_can_download_bug_attachments( $v_bug_id ) ) { access_denied(); } break; case 'doc': # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { access_denied(); } access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id ); break; } ob_clean(); # Make sure that IE can download the attachments under https. header( 'Pragma: public' ); header( 'Content-type: ' . $v_file_type ); header( 'Content-Length: ' . $v_filesize ); # Added Quotes (") around file name. header( 'Content-Disposition: filename="' . file_get_display_name( $v_filename ) . '"' ); header( 'Content-Description: Download Data' ); # prevent file caching @@@ (thraxisp) we may want to suppress this for small files header( 'Pragma: no-cache' ); header( 'Expires: 0' ); # dump file content to the connection. switch ( config_get( 'file_upload_method' ) ) { case DISK: if ( file_exists( $v_diskfile ) ) { readfile( $v_diskfile ); exit(); } break; case FTP: if ( file_exists( $v_diskfile ) ) { readfile( $v_diskfile ); } else { $ftp = file_ftp_connect(); file_ftp_get ( $ftp, $v_diskfile, $v_diskfile ); file_ftp_disconnect( $ftp ); readfile( $v_diskfile ); exit(); } break; default: echo $v_content; exit(); } ?> file_download.p_h_p (3,046 bytes)

jlatour 2002-05-30 16:19 reporter ~0002739	Hrm. Two linefeeds. I don't see where they could be added. Could you check the database and see if it's in there?

brody 2002-05-31 00:07 reporter ~0002742	a look in the database doesn't present any linefeeds there, neither on text nor on binary files.

jlatour 2002-05-31 01:59 reporter ~0002745	Which Mantis version would this be? The same problem does not occur with DISK?

brody 2002-05-31 02:45 reporter ~0002748	1) the mantis version - i used - you can see in the advanced bug view (its: 0.17.3) 2) no, it occurs with DISK,too.

updater 2002-06-10 16:44 updater ~0002837	I am seeing the same thing also.

updater 2002-06-10 21:34 updater ~0002839	Hello there

brody 2002-08-08 04:13 reporter ~0003050	what about this annoying bug (it makes the problem of disabled file upload at my mantis installation) I checked it again with different browsers - its all the same. The shorting of the output comes from the header header( "Content-Length: ".$v_filesize ); which is set in the file_download.php page. The shortening happens on both file types It would be a workaround not to set this header in file_download.php, but binary files would become corrupted

brody 2002-08-08 05:55 reporter ~0003054	Found a solution (Workaround) file_download_php: 31a32,34 workaround: eliminating two malicious carriage return signs, which prevent the correct download of attached files (wb: Aug, 8th, 2002) ob_end_clean(); Explanation: As one can read at '<a href="http://www.php.net/manual/en/function.header.php">http://www.php.net/manual/en/function.header.php</a>' (...)Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file. (...) It seems to me that the underlined parts of the previous section containts the hint to the vertical solution; my workaround do a flush and afterthat puts the required header into a "clean" output stream.

jlatour 2002-08-17 11:25 reporter ~0003125	Hrm. It may solve it, but it rather treats the symptoms. Let's see if we can find where those lines come from. Any idea? I saw some core_* files have a newline at the end, and some don't, but PHP doesn't print a newline after ?>. Any other ideas?

brody 2002-08-26 08:18 reporter ~0003177	I think, that the problem is pointed out by the section I copied from the php manual and its comments; the combination of blank lines of included files and the mantis split between using the header() function and building the rest of the html content. I hope, that you (mantis developer) better know, what is included by which other php source.

mekb 2003-05-21 20:04 reporter ~0004324	I experienced something very similiar to this. I tracked down the problem to my very own config_inc.php. I had apparently appended a number of empty lines after the finishing "?>" by mistake (the file is simply included whenever a mantis page is loaded). Removing the extra lines solved my problem. Perhaps user-edited files should be included in a way that's a bit more tolerant to errors?

sgrund 2003-08-07 18:16 reporter ~0004507	My experience: 0.17.5 up/downloads files correct. 0.18.0a4 adds 0x0A on begining, and removes one char on end. Note: this happend at download! MySQL-Entry is correct! (Both mantis-versions use the same php/mysql/apache-versions)

sgrund 2003-08-19 13:13 reporter ~0004543	FYI: I reproduced the bug when try to dowload low_priority_icons.zip from Bug 0003275

jlatour 2004-08-08 09:08 reporter ~0006805	Is this still an issue with the recent 0.19 alphas? Yes, I know. Waiting-and-hoping-the-bug-will-go-away behaviour :-)

bpfennig 2004-08-08 12:35 reporter ~0006820	I had the same problem at some installations. It cost me hours to find the solution and reason of this problem. Please be sure that you don't have linefeeds at the end of the config_inc.php file. If you have linefeeds behind the ?> at the end of the file all downloaded files will start with $0A$0A.

jlatour 2004-08-08 12:40 reporter ~0006821	OK, we should clear the output buffer then, if that has not already been done.

tmallard 2004-08-17 09:24 reporter ~0007030 Last edited: 2004-08-17 09:28	Just in case someone has the same trouble : to get rid of the $0d $0a characters at the end of the config_inc.php file, I did a dd if=config_inc.php of=config_inc.php.new bs=1 count=<size-2> where 'size' is the filesize of config_inc.php ( you can get that using ls -l or wc -c ) Also, you can use 'hexdump -c config_inc.php' to see if the '>' is the last character or not. Hope this helps, as I didn't find a vi or vim option to do that.. modifiÃ© le : 08-17-04 09:28

hring 2004-11-30 07:29 reporter ~0008454 Last edited: 2004-11-30 07:30	Had a similar problem. Problem is that PHP engine outputs the content of any xxx.php file outside the <?php ... ?> tags as literals. You can solve the problem by changing the file_download.php in the following manner: enable output buffering and before adding the first header add: <CODE>ob_clean();</CODE> secondly add <CODE>exit()</CODE> in the end effectively avoiding any cr+lf's after the last ?> being sendt to the output buffer.

thraxisp 2004-12-08 10:49 reporter ~0008543	Fixed in CVS. Flushed output buffer before sending file.

View Issue Details

Relationships

Activities

workaround: eliminating two malicious carriage return signs, which prevent the correct download of attached files (wb: Aug, 8th, 2002)