Problem with session management, cant upload Problem with session management, cant upload
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Problem with session management, cant upload

Started by comrade, March 10, 2009, 08:17:54 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

comrade

Hello, i have a strange problem when trying to upload a file, ending up with The string "^SUCCESS$" was not found in the response body.
Here are the details, from jupload log

13:30:49.142 [DEBUG] -------- Response Headers Start --------
13:30:49.142 [DEBUG] HTTP/1.1 200 OK
13:30:49.142 [DEBUG] Date: Tue, 10 Mar 2009 17:30:18 GMT
13:30:49.142 [DEBUG] Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6
13:30:49.142 [DEBUG] X-Powered-By: PHP/5.2.6
13:30:49.142 [DEBUG] Content-Type: text/html
13:30:49.142 [DEBUG] Content-Length: 845
13:30:49.142 [DEBUG] Connection: close
13:30:49.142 [DEBUG]
13:30:49.157 [DEBUG] --------- Response Headers End ---------
13:30:49.157 [DEBUG] -------- Response Body Start --------
13:30:49.157 [DEBUG] getRemoteAddress response: _SERVER['REMOTE_ADDR']
13:30:49.157 [DEBUG] Entering loadJuploadInternalSessionIfConfiguredTo
13:30:49.157 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: Before connection
13:30:49.157 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: connection result=1
13:30:49.157 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: before select from config:
13:30:49.157 [DEBUG] 
13:30:49.157 [DEBUG]             SELECT   value
13:30:49.157 [DEBUG]             FROM   cpg14x_config
13:30:49.157 [DEBUG]             WHERE   name = 'JUPLOAD_CONFIG_SessionManagement'
13:30:49.157 [DEBUG]             AND      value IN ('JUPLOAD_CONFIG_SessionManagement_JUpload', 'JUPLOAD_CONFIG_SessionManagement_JUploadSimplified')
13:30:49.157 [DEBUG]             
13:30:49.157 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: Using standard (Coppermine) session management
13:30:49.157 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: normal end of the function (1)
13:30:49.157 [DEBUG] You don't have permission to perform this operation.<BR><BR>If you're not connected, please <a href="login.php?referer=plugins/jupload/jupload.php">login</a> first
13:30:49.157 [DEBUG] -------- Response Body End --------
13:30:49.157 [DEBUG] HTTP status: 200 OK
13:30:49.157 [ERROR] [wjhk.jupload2.exception.JUploadExceptionUploadFailed] wjhk.jupload2.policies.CoppermineUploadPolicy.checkUploadSuccess(): The string "^SUCCESS$" was not found in the response body (wjhk.jupload2.policies.CoppermineUploadPolicy.checkUploadSuccess(): The string "^SUCCESS$" was not found in the response body)
13:30:49.157 wjhk.jupload2.exception.JUploadExceptionUploadFailed: wjhk.jupload2.policies.CoppermineUploadPolicy.checkUploadSuccess(): The string "^SUCCESS$" was not found in the response body
13:30:49.157    at wjhk.jupload2.policies.DefaultUploadPolicy.checkUploadSuccess(DefaultUploadPolicy.java:724)
13:30:49.157    at wjhk.jupload2.upload.DefaultFileUploadThread.doNonChunkedUpload(DefaultFileUploadThread.java:521)
13:30:49.157    at wjhk.jupload2.upload.DefaultFileUploadThread.doUpload(DefaultFileUploadThread.java:377)
13:30:49.157    at wjhk.jupload2.upload.DefaultFileUploadThread.run(DefaultFileUploadThread.java:295)


when i go to cpg14x_config table, and running this query above manually - nothing is returned. this is what i see in the actual table
name  value 
jupload_sessionManagement JUpload


this is from coppermine debug

/albums/userpics/codebase.php
Notice line 34: Undefined index: _GET
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include() [function.include]: Failed opening '../include/config.inc.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php')

and finally, when updating jupload configuration

SELECT user_id, user_password FROM `rcnyc_forum`.phpbb_sessions INNER JOIN `rcnyc_forum`.phpbb_users ON session_user_id = user_id WHERE session_id='b7aefb7f6a4d5f5fe3a52fad8d451d3a'; (0s)

INSERT INTO cpg14x_config (name, value) VALUES ('jupload_sessionManagement', 'JUpload') (0s)

does it insert correct values in it?



comrade

Well, it is kind of SOLVED by running this query

INSERT INTO cpg14x_config (name, value) VALUES ('JUPLOAD_CONFIG_SessionManagement', 'JUPLOAD_CONFIG_SessionManagement_JUpload')

but this has to be permanently changed in the code, when updating configuration

etienne_sf

Hi,

Hum, hum. My standard response would be: there is an easier way to do that: use the plugin management page, and go to the JUpload configuration page.
FYI: this is in the doc, and the (little) FAQ, at the end of it.

But I guess we have a real trouble here. About the 'permanent change' in the code. No, there is a problem here. The config file is not found, and the constant necessary to construct the

I don't like the line:


/albums/userpics/codebase.php
Notice line 34: Undefined index: _GET
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include(../include/config.inc.php) [function.include]: failed to open stream: No such file or directory
Warning line 41: include() [function.include]: Failed opening '../include/config.inc.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php')


The codebase.php has nothing to do in albums/userpics. Actually, there should be NO php code at all, there.
Question: Is this codebase.php file related to jupload ?
(check it: a php file here can be some kind of attack on your system, there should only be pictures there)
You don't precise the JUpload version you're using. After a quick on the last version, I don't think these warnings come from my code.

If it's jupload related: it should be in the  /plugins/jupload folder. But the ../include/config.inc.php would still be false. It should be ../../include/config.inc.php (to load the main config file) or include/config.inc.php (to load the jupload one)

BUT:
There can be link: if the jupload config.inc.php file is not found, the constants are not properly initialized, and you have to insert the JUPLOAD_CONFIG_SessionManagement, which should not appear in the config table. This is the name of a constant, whose value is sessionManagement. When not initialized (jupload.inc.php file not loaded), the value is set to JUPLOAD_CONFIG_SessionManagement.



  Can you check where is installed the jupload plugin ?


Etienne

etienne_sf

Oh, oh,

  I guess there a real problem here.

Looks like a regression. I confirm that the current version uses the ''JUPLOAD_CONFIG_SessionManagement' name, which is a bug, when receiving an upload.


I'll correct that.


Etienne

etienne_sf

Hi,

  According to my test, the attached package should correct the problem you encountered.

It should make your workaround useless.

For other people: this probably doesn't solve the error 'table doesn't exist', issued in other threads here. But a test could be nice.

Etienne