HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


v9.0.9 - Problem updating member profile

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#100338 (In Topic #19694)
Avatar

Community saint

I just did a fresh install of v9.0.9 and am getting an You did not provide an upload, or you tried to upload a file that is too large error when I try to save changes to my profile.

Expand:


Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100341
Avatar

Hi,

I think you don't have GD installed. This is part of the requirements, but we try and support it when it's not there, so will consider this a bug. Looking into it :).
Meanwhile, you'll probably want to install it – my guess is you didn't realise it wasn't on.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100342
Avatar

Okay, so the problem is we're relying on the "Use GD image library" option to be set to off if GD is not there, in this particular case.

So you can turn that option off, and it should start showing a field to upload the photo thumbnail.

But what you really want to do is enable GD.

As a side-note I think this config option is silly. We'll remove it in v10 - we can detect GD automatically, there's no need for an option.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100350
Avatar

Community saint

GD is installed. PHP Info reports:
GD Support  enabled  
GD Version  bundled (2.1.0 compatible)  
FreeType Support  enabled  
FreeType Linkage  with freetype  
FreeType Version  2.3.11  
GIF Read Support  enabled  
GIF Create Support  enabled  
JPEG Support  enabled  
libJPEG Version  6b  
PNG Support  enabled  
libPNG Version  1.2.49  
WBMP Support  enabled  
XPM Support  enabled  
libXpm Version  30411  
XBM Support  enabled  

Directive Local Value Master Value
gd.jpeg_ignore_warning 0 0



Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100352
Avatar

That's odd. What happens if you type this into OcCLE:

Code

:echo function_exists('imagetypes')?'has gd':'does not have gd';

Unless I'm mistaken somehow the error is happening from inside a code block like…

Code

if (!function_exists('imagetypes'))
{
   ...
}
And imagetypes is a core GD function since PHP 4.0.2.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100360
Avatar

Community saint

The problem is:

Code

if ((get_option('is_on_gd')=='0') || (!function_exists('imagetypes')))   
Its matching the first part of the test because the option is_on_gd is set to 0 by default even though the GD library actually exists.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100365
Avatar

Hmm, ok, that sounds like I got the problem backwards.

It would default to off if GD was not initially detected. Did you install it later maybe?

Do things now work okay if you enable that option?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100367
Avatar

Community saint

Chris Graham said

Did you install it later maybe?
Nope! It was a fresh install 2 days ago, and I've done next to nothing with it since.

And looking at config_default/is_on_gd.php  & admin_config.php it should have defaulted to 1.

The only unusual thing about this particular install was that It was installed while I was having mod_security issues (I had absolutely no rules whitelisted).

I can't think of any reasons why that might cause a problem, but its the only abnormality I can think of.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100382
Avatar

Ok, thanks for your help :).

I have just tested with is_on_gd off on the latest v9 git version, and it was okay. So I think the issue must be fixed now.

I doubt we'll find out why is_on_gd defaulted to off for you, but I think it must have been some unusual circumstance, probably not a bug.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100393
Avatar

I just had a customer have GD disappear from their server, after a new PHP build. I cannot correlate this to the timing of a PHP release (the new build was an old release), or to any particular Linux distribution's rollout policy, but I'd say the same may have happened on what you're on, for a time interval. So GD was not there, then it was, during the course of your debugging.

You'll probably tell me it's your server and that's not true, but I thought it a possibility worth mentioning :D.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100431
Avatar

Community saint

Chris Graham said

You'll probably tell me it's your server and that's not true.
It's my server and is not true.

Expand:


Its actually more interesting. That fresh install basically didn't have any settings. i.e.

Code

Maximum users = 0
Maximum monthly bandwidth = 0
Low disk space =0
Unzip directory = blank
Unzip command = blank
Block cache = unchecked
Template cache = unchecked
Comcode page cache = unchecked
Language cache = unchecked

I trashed that copy and did another fresh install and all the configs seem to be set correctly now, including GD library.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100440
Avatar

lol.

Okay, I wonder if this could have been something like modsecurity, wiping out post data when a config form was submitted.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100441
Avatar

Community saint

Possible, but I would have thought that the post would not get through so it effectively never took place, rather then arrived empty.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100442
Avatar

The suhosin parameter limits and PHP's max_input_vars will actually silently throw stuff away (ridiculous I know…). I've not seen modsecurity do it, but it would not surprise me ;).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100443
Avatar

Community saint

Well after the 1st install I was getting the suhosin warnings you recently added and before I did the 2nd install suhosin was disabled on my account.

So as I had both modsecurity and suhosin issues at the time of the 1st install, who knows what the true cause was.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100444
Avatar

Ok, I think problem solved actually then -- if there were suhosin warnings, suhosin would have indeed cropped the form and ocPortal would have thought the values had been blank.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100445
Avatar

Community saint

So ocPortal doesn't check if the fields were actually received, it just assumes they were because they were on the form when it went out?

Given the level of corruption we now see that it can cause, shouldn't suhosin warning now be upgraded to error/stop so that it prevents a corrupt form from being submitable?

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100460
Avatar

So ocPortal doesn't check if the fields were actually received, it just assumes they were because they were on the form when it went out?

Unfortunately this is not possible in the general case because HTML checkboxes submit nothing if unchecked. One can remedy it by pairing them up with a hidden field, but too many fields is what we also have to be avoiding :(. I suppose we could add another field right at the end of the form and detect if that survives, but I'm not comfortable implementing that for all forms (bloat) – I am much more comfortable with the suhosin stuff dealt with in one place in the framework.

Given the level of corruption we now see that it can cause, shouldn't suhosin warning now be upgraded to error/stop so that it prevents a corrupt form from being submitable?

We'll add this line to it "This can include corrupting data of forms you post, breaking what you are editing.".

I'm not really comfortable putting a hard block inside ocPortal because Suhosin isn't official: I don't think we should second guess something outside the official ecosystem to that kind of harsh extent.


Gosh, the dynamic between these 'security layers' and web hosts annoy me. Any PHP host using it should have asterisks next to their PHP support that says that functionality has been limited by Suhosin, an unofficial modification to the language.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#100464
Avatar

Community saint

Chris Graham said

Unfortunately this is not possible in the general case because HTML checkboxes submit nothing if unchecked.
Oh, that's right, that really shows you how long its been since I've done any form processing :( .

Chris Graham said

I suppose we could add another field right at the end of the form and detect if that survives, but I'm not comfortable implementing that for all forms (bloat)
Don't most forms go through just a handful of entry points, so just a few places to check?

And even if they didn't would the bloat be down to just adding a simple exitOnCorruptForm() call at the start of form processing?

Chris Graham said

 – I am much more comfortable with the suhosin stuff dealt with in one place in the framework.
Ideally yes, but given the royal stuffup that can result otherwise I think this falls into the category or safety over simplicity.

Chris Graham said

I'm not really comfortable putting a hard block inside ocPortal because Suhosin isn't official: I don't think we should second guess something outside the official ecosystem to that kind of harsh extent.
Suhosin may be unofficial but it sure is very common.

It may be harsh, but its a dependency for safe operation of an ocPortal site.

I'd even go so far as having a daily check in the cron bridge to email the admin when it detect problems with Suhosin so as to be as pre-emptive as possible.



Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#100466
Avatar

I've added to the tracker to do the CRON thing. That's a really nice idea, as web hosts do muck up config occasionally.

Don't most forms go through just a handful of entry points, so just a few places to check?

And even if they didn't would the bloat be down to just adding a simple exitOnCorruptForm() call at the start of form processing?

There are a few form templates that would need editing. I really wouldn't want a situation where a themer takes it out when building a theme from static files and no forms submit and it being really hard to work out why ;). Or, old overridden form templates not work. Plus I just generally don't want really obscure stuff in the templates: the less people can think about, the better.

It may be harsh, but its a dependency for safe operation of an ocPortal site.

Well, we could have weird situations pop up as suhosin evolves, e.g. having the suhosin options come through set low, but controlled by a new flag that could them as off (that was just a random example). I wouldn't want a situation where all old ocPortal versions stopped working because of a change like that (the suhosin guys aren't going to think about backwards compatibility as much as people on the official PHP stream would).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Expand