Moodle

Function download_file_content does not correctly handle headers when a proxy is used. Affects Turnitin.

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Cannot Reproduce
  • Affects Version/s: 1.9.2
  • Fix Version/s: STABLE backlog
  • Component/s: General
  • Labels:
    None
  • Environment:
    Linux
  • Difficulty:
    Moderate
  • Affected Branches:
    MOODLE_19_STABLE

Description

Function download_file_content does not correctly handle headers when a proxy is used.
Displaying variables ($fp, $data, $headers, $results) shows that an extra HTTP header is added by the proxy when the SSL goes via the proxy server (you must setup the web proxy server in the Admin > Server block).

This affects the installation of Turnitin when performing the setup via the "Site Administration" Block

  • Modules
  • Actitvities
  • Turnitin

When attempting to parse the XML tags, the following error is encountered:

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 1: parser error : Start tag expected, '<' not found in /var/www/html/moodle19/lib/turnitinlib.php on line 178

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: HTTP/1.0 200 OK in /var/www/html/moodle19/lib/turnitinlib.php on line 178

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /var/www/html/moodle19/lib/turnitinlib.php on line 178

Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /var/www/html/moodle19/lib/turnitinlib.php:178 Stack trace: #0 /var/www/html/moodle19/lib/turnitinlib.php(178): SimpleXMLElement->__construct('HTTP/1.0 200 OK...') #1 /var/www/html/moodle19/lib/turnitinlib.php(220): tii_get_xml('https://api.tur...') #2 /var/www/html/moodle19/admin/turnitin.php(61): tii_post_to_api(Array, 11, 'GET', '', false) #3 {main} thrown in /var/www/html/moodle19/lib/turnitinlib.php on line 178

Have attached patch to fix the problem which we have tested out.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Dan Marsden added a comment -

Hi Petr,

would you mind checking this out? - I'm not sure if I like the patch - obviously it will work for the reporter, but I'm unsure if it will work for all proxies - is there a better way of checking to make sure there aren't any extra headers?

thanks!

Show
Dan Marsden added a comment - Hi Petr, would you mind checking this out? - I'm not sure if I like the patch - obviously it will work for the reporter, but I'm unsure if it will work for all proxies - is there a better way of checking to make sure there aren't any extra headers? thanks!
Hide
Permalink
Maher Hassanieah added a comment -

Hello,

Tried the above patch and i still receive the same error. is there any new solution. we have a proxy server and we bypass the authentication and still we have the error.

Show
Maher Hassanieah added a comment - Hello, Tried the above patch and i still receive the same error. is there any new solution. we have a proxy server and we bypass the authentication and still we have the error.
Hide
Permalink
Howard Miller added a comment -

I can confirm this. I'm really surprised that this problem hasn't surfaced anywhere else though.

Show
Howard Miller added a comment - I can confirm this. I'm really surprised that this problem hasn't surfaced anywhere else though.
Hide
Permalink
Howard Miller added a comment -

Ok.... the SIZE_DOWNLOAD info returned by Curl appears to correctly reflect the state of the data, so what about:

Index: filelib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/filelib.php,v
retrieving revision 1.50.2.26
diff -u -r1.50.2.26 filelib.php
— filelib.php 5 Feb 2009 02:25:40 -0000 1.50.2.26
+++ filelib.php 10 Feb 2009 11:23:48 -0000
@@ -283,11 +283,9 @@
$response->error = 'Unknown cURL error';

} else {

  • // strip redirect headers and get headers array and content
  • $data = explode("\r\n\r\n", $data, $info['redirect_count'] + 2);
  • $results = array_pop($data);
  • $headers = array_pop($data);
  • $headers = explode("\r\n", trim($headers));
    + $sizedownload = $info['size_download'];
    + $headers = substr($data,0,strlen($data)-$sizedownload);
    + $results = substr($data,-$sizedownload);

$response = new object();;
$response->status = (string)$info['http_code'];

This certainly works for me. My only worry is that the header data may not now look like some other bit of Moodle might expect.

Show
Howard Miller added a comment - Ok.... the SIZE_DOWNLOAD info returned by Curl appears to correctly reflect the state of the data, so what about: Index: filelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/filelib.php,v retrieving revision 1.50.2.26 diff -u -r1.50.2.26 filelib.php — filelib.php 5 Feb 2009 02:25:40 -0000 1.50.2.26 +++ filelib.php 10 Feb 2009 11:23:48 -0000 @@ -283,11 +283,9 @@ $response->error = 'Unknown cURL error'; } else {
  • // strip redirect headers and get headers array and content
  • $data = explode("\r\n\r\n", $data, $info['redirect_count'] + 2);
  • $results = array_pop($data);
  • $headers = array_pop($data);
  • $headers = explode("\r\n", trim($headers)); + $sizedownload = $info['size_download']; + $headers = substr($data,0,strlen($data)-$sizedownload); + $results = substr($data,-$sizedownload);
$response = new object();; $response->status = (string)$info['http_code']; This certainly works for me. My only worry is that the header data may not now look like some other bit of Moodle might expect.
Hide
Permalink
Bruce Webster added a comment -

Obviously the long term fix is to get the proxy working properly with POST data and SSL.

But right now, since turnitin requires pinhole access on port 80 and 443 to work anyhow, I disabled the proxy for any turnitin stuff.

Dirty hack: Stick this at the top of turnitin.lib:
$CFG->proxyhost=''; //HACK! – turnitin SSL fails to work through web proxy, so disable it.

Works fine now.

Show
Bruce Webster added a comment - Obviously the long term fix is to get the proxy working properly with POST data and SSL. But right now, since turnitin requires pinhole access on port 80 and 443 to work anyhow, I disabled the proxy for any turnitin stuff. Dirty hack: Stick this at the top of turnitin.lib: $CFG->proxyhost=''; //HACK! – turnitin SSL fails to work through web proxy, so disable it. Works fine now.
Hide
Permalink
Michael de Raadt added a comment -

Thanks for reporting this issue.

We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

Michael d;

lqjjLKA0p6

Show
Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
Hide
Permalink
Dan Marsden added a comment -

pretty sure this was fixed in 2.0 - but if I'm missing something let me know and I'll reopen!

thanks!

Show
Dan Marsden added a comment - pretty sure this was fixed in 2.0 - but if I'm missing something let me know and I'll reopen! thanks!

People

Vote (2)
Watch (4)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.