0003894: Maximum String length of 8KB breaks phorum.org forum software

Mantis - Quercus
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
3894		block	always	02-18-10 07:36	06-22-12 00:04

Reporter:	domdorn	Platform:
Assigned To:	nam	OS:
Priority:	high	OS Version:
Status:	closed	Product Version:	4.0.11
Product Build:		Resolution:	unable to reproduce
Projection:	none
ETA:	none	Fixed in Version:

Summary:	0003894: Maximum String length of 8KB breaks phorum.org forum software
Description:	the file in each current phorum.org installation phorum5/include/templates.php contains a method: [code] function phorum_read_file($file) { // Check if the file exists. if (! file_exists($file)) trigger_error( "phorum_get_file_contents: file \"" . htmlspecialchars($file) . "\" " . "does not exist", E_USER_ERROR ); // In case we're handling a zero byte large file, we don't read it in. // Running fread($fp, 0) gives a PHP warning. $size = filesize($file); if ($size == 0) return ""; // $data = readfile($file); // return $data; // Read in the file contents. if (! $fp = fopen($file, "r")) trigger_error( "phorum_get_file_contents: failed to read file " . "\"" . htmlspecialchars($file) . "\"", E_USER_ERROR ); // Strip UTF-8 byte order markers from the files. These only mean // harm for PHP scripts. $data = ''; if ($size >= 3) { $data = fread($fp, 3); if ($data == "\xef\xbb\xbf") { $data = ''; } $size -= 3; } // Read the rest of the file. if ($size > 0) { $data .= fread($fp, $size); } fclose($fp); // code inserted by me start $realFileSize = filesize($file); $readFileSize = 0; mail("removed@host.com", "readfile: $file", "realFileSize: $realFileSize \n Size of read file: $readFileSize\n\n", "From: mymail@myhost.com"); // code inserted by me end return $data; } [/code] supplied with an example file which I'll attach here, quercus only reads exactly 8192 Bytes of that file and deletes the rest which leads to errors.
Steps To Reproduce:
Additional Information:	I'm running current trunk in revision 6775 on Glassfish v3. The received mail states: realFileSize: 9537 Size of read file: 8192
Relationships
Attached Files:	0i82.qa [^] (817 bytes) 09-28-10 07:50

Notes

Ok, I created a testcase for this, modified the code like that:
function phorum_read_file($file, $quercus_max_read_size_at_one_time)
{
    // Check if the file exists.
    if (! file_exists($file)) trigger_error(
        "phorum_get_file_contents: file \"" . htmlspecialchars($file) . "\" " .
        "does not exist",
        E_USER_ERROR
    );

    // In case we're handling a zero byte large file, we don't read it in.
    // Running fread($fp, 0) gives a PHP warning.
    $size = filesize($file);
    if ($size == 0) return "";

// $data = readfile($file);
// return $data;
    // Read in the file contents.
    if (! $fp = fopen($file, "r")) trigger_error(
        "phorum_get_file_contents: failed to read file " .
        "\"" . htmlspecialchars($file) . "\"",
        E_USER_ERROR
    );
    // Strip UTF-8 byte order markers from the files. These only mean
    // harm for PHP scripts.
    $data = '';
    if ($size >= 3) {
        $data = fread($fp, 3);
        if ($data == "\xef\xbb\xbf") {
            $data = '';
        }
        $size -= 3;
    }
    ;
    // Read the rest of the file.
    while($size > 0)
    {
        $remainingSize = $size > $quercus_max_read_size_at_one_time ? $quercus_max_read_size_at_one_time : $size;
        $data .= fread($fp, $remainingSize);
        $size -= $remainingSize;
    }
// if ($size > 0 ) {
//
// $data .= fread($fp, $size);
// }
    fclose($fp);

    return $data;
}

quercus returns the correct result only if $quercus_max_read_size_at_one_time is set to 8189, while php returns the correct result with every number > 0

I've created the output for quercus and with native php and put it all runnable into the attached tar.gz file. Please fix asap. I can patch the forum code for now, but I don't know where this issue is still hidden in other php software and no one has the time and knowledge to manually fix it.