Contrib.social

Do not use the .php extension in mtime protected storage to work around bogus PHP extensions

Open on Drupal.org β†’
Created on 18 June 2020, over 4 years ago
Updated 18 February 2023, about 2 years ago

Problem/Motivation

Some users report when clearing a cache or opening module page

Fatal error: Illegal length modifier specified 'f' in s[np]printf call in /core/lib/Drupal/Component/PhpStorage/MTimeProtectedFastFileStorage.php on line 88

in the mtime protected storage.

Steps to reproduce

No reliable reproduction steps have emerged.

Proposed resolution

Change the extension in MTimeProtectedFastFileStorage::getFullPath which is confirmed in #79 to avoid the problem. AFAIK include does not rely on file extension, the PHP engine is already off for the files directory so it's not like we ever wanted to load these from a browser. The security of the system relies on the file names being unguessable already.

Remaining tasks

Please give commit credit to Peter Pulsifier who came up with the idea.

User interface changes

API changes

Data model changes

Release notes snippet

πŸ“Œ Task
Status

Needs work

Version

10.1 ✨

Component
BaseΒ  β†’

Last updated about 13 hours ago

Created by

ayushst

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request β†’ as a guide.

    Know it seems difficult to pinpoint the steps to reproduce but think we will really need them before moving forward. Still needs security review though.

  • Status changed to Postponed: needs info about 2 years ago
  • Comment about 2 years ago β†’
    πŸ‡¬πŸ‡§United Kingdom longwave UK

    As we've not had any further reports of this in over a year, it seems likely the problem is resolved and Drupal core does not need to make any changes.

    Marking as postponed for now; if there are no further reports within six months then I think this issue can be closed.

  • Status changed to Closed: outdated 8 days ago
  • Comment 8 days ago β†’
    πŸ‡¬πŸ‡§United Kingdom longwave UK

    No more reports in two years, closing as outdated.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024