E403 Php error while trying to download file related to setcookie() · Issue #3538 · Studio-42/elFinder · GitHub
[go: up one dir, main page]
Skip to content

Php error while trying to download file related to setcookie() #3538

New issue
New issue
Closed
Closed
Php error while trying to download file related to setcookie()#3538
@ctrlaltca

Description

@ctrlaltca
ctrlaltca
opened on Nov 14, 2022

Describe the bug
I try to download a file using elFinder clicking over the "floppy disk" icon.
I receive a file, but instead of the actual file contents it contains an html page with the following php error:

ValueError
Description
setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", or "\014"
Source File
/<hidden>/vendor/studio-42/elfinder/php/elFinder.class.php (2085)
2074:             $ua = isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT'] : '';
2075:             if (preg_match('/MSIE [4-8]/', $ua)) { // IE < 9 do not support RFC 6266 (RFC 2231/RFC 5987)
2076:                 $filename = 'filename="' . $filenameEncoded . '"';
2077:             } elseif (strpos($ua, 'Chrome') === false && strpos($ua, 'Safari') !== false && preg_match('#Version/[3-5]#', $ua)) { // Safari < 6
2078:                 $filename = 'filename="' . str_replace('"', '', $file['name']) . '"';
2079:             } else { // RFC 6266 (RFC 2231/RFC 5987)
2080:                 $filename = 'filename*=UTF-8\'\'' . $filenameEncoded;
2081:             }
2082:         }
2083: 
2084:         if ($args['cpath'] && $args['reqid']) {
2085:             setcookie('elfdl' . $args['reqid'], '1', 0, $args['cpath']);
2086:         }
2087: 
2088:         $result = array(
2089:             'volume' => $volume,
2090:             'pointer' => $fp,
2091:             'info' => $file,
2092:             'header' => array(
2093:                 'Content-Type: ' . $mime,
2094:                 'Content-Disposition: ' . $disp . '; ' . $filename,
2095:                 'Content-Transfer-Encoding: binary',
2096:                 'Content-Length: ' . $file['size'],
2097:                 'Last-Modified: ' . gmdate('D, d M Y H:i:s T', $file['ts']),

Stack Trace
#0 /<hidden>/vendor/studio-42/elfinder/php/elFinder.class.php(2085): setcookie()
#1 /<hidden>/vendor/studio-42/elfinder/php/elFinder.class.php(1210): elFinder->file()
#2 /<hidden>/vendor/studio-42/elfinder/php/elFinderConnector.class.php(160): elFinder->exec()
#3 /<hidden>/TElFinderService.php(288): elFinderConnector->run()

I started to receive this error after I upgraded from php 7.4 to php 8.1.
The actual request that led to this error is:

{
	"GET": {
		"scheme": "http",
		"host": "192.168.1.1",
		"filename": "/app/elf,/ids%5B%5D,2015/u,2/h,efd02d53c2570cd74270f8a2848ec8f0/a,1",
		"query": {
			"cmd": "file",
			"target": "l1_NjAtZGVwb3NpdG8gcmVsYXppb25lL1JlbGF6aW9uZS5wZGY",
			"_t": "1667580118",
			"download": "1",
			"cpath": "/app/page,Pages.Aaa.Bbbb/id,904",
			"reqid": "184766b01973e3"
		},
		"remote": {
			"Indirizzo": "192.168.1.10:80"
		}
	}
}

I see that the "cpath" parameter contains the current page URL.
In my case the path contains a comma, that is not a valid character in a cookie definition; the same applies to spaces and semicolons.
I'm not sure about the solution, I guess the url could be encoded before being use in the cookie?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0