InvalidParameterException Part 2

I am moving this everyone's very favorite topic here because the other topic was getting too lenghty for reading thru...

I am getting my brains tied up with the UserName sanitize string and the MySql mysql_real_escape_string () function

I want to try some tests to determine whether my assumptions are correct or smoke in the dark;;;-)

 

  • I've done some simple debugging code to try and find more information on this problem. The code is un-tested.. so if it breaks ( I do have bad typing skills;-O) , just let me know..

    As you can see I have coded a send-mail code block using php's buitlin mailer at the error point of "InvalidParameterException:MissingOwner".

    I have taken this email rather than logging because I figure this will be more real-time and the admin@YourSite.com will know immediately when the "InvalidParameterException:MissingOwner" happens. And hopefully some useful data will be in the Email debug message.

    Anyone brave enough to try this debugging hack.. please go ahead and keep me posted. We might just be able to figure this all out together ;-)

    This code goes into filestore.php

    <?php

    public function getFilenameOnFilestore(ElggFile $file)
    {
        $owner = $file->getOwnerEntity();
        if (!$owner)
            $owner = get_loggedin_user();
        if ((!$owner) || (!$owner->username))
        {
    //------------------------------------------------------------------------------
        $postvars="";
        foreach( $_POST as $k => $v)
        {
            ${$k} = $_POST["$k"];
            $postvars.=$k . " / " . $v . " / \n ";
        }
        mail(
            "--PUT--YOUR--EMAIL--ID--HERE--@gmail.com"
           ,"(1) getFilenameOnFilestore()"
           ,"(1) getFilenameOnFilestore ( ElggFile ) \n"
               . "[ "
               . $_SERVER["REQUEST_URI"] . " / \n"
               . $file->dir_root . " / \n"
               . $file->filename . " / \n"
               . get_loggedin_user() . " / \n"
               . " ]" . " / \n"
               . $postvars
               ."::::END:::"
            );
    //------------------------------------------------------------------------------
            throw new InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));
        }
        return $this->dir_root . $this->make_file_matrix($owner->username) . $file->getFilename();
    }

    ?>

  • Just seen this as i have been sleeping most of the day and dreaming of elgg

    Can we try this on some kind of a test site and then try to break it. I have too many test sites anyway

    If so what would be your suggestion on the best way to run the test

    We could set a site to instant access etc or couldn't we run some auto code to add users I think their maybe a plugin to add fictiousous accounts

    for obvious reasons we could not run this on our live site

     

  • Dhrup I think I understand what the code does but could you explain it in ENGLISH (Dutch or German)

  • Well.. good morning amigo ;-O

    Add Users... ? same code i used to migrate yr kids - with numerous hardcoded user names....

    One key factor is -- I think we need that debug on a real site that the Parameter Exception errors.. because i might be a little difficult to re-create the error situation on just a test site... No Parameter Exception means no debugging  messages... unles we create users, create user's groups, then delete user and see what happens...

    I'd like to see feedback from the others who have had this same problem. It will help if more people want to give their time to this problem...

     

  • I've copied the last few relevant posts from Part 1 and 1a into here....

    Dhrup
    2 days ago

    Try

    http://community.elgg.org/mod/members/index.php?offset=12137

    then

    http://community.elgg.org/mod/members/index.php?offset=12138

    ;-)

     I believe the offset=NN might have something to do with the problem.. but needs a mucho closer look....

    batanggenyo
    21 hours ago

    hi malaga...i think my faulty member is in offset=30. i receive same error when i view it. i can view all my members except those who are in this offset.  by the way, i have 190+ members. my site is www.themabiniacademy.com

    image


    Malaga Jack
    a minute ago

    @batanggenyo

    As your membership increases this error page will move further down the list.

    We have learned to live with this bug/fault anomaly whatever you want to call it

    We are doing some research on it in Dhrup's group hackers Elggalaxy  you should join it's a very interesting group

    The major problem with most sites is that they have a listing of latest members on their opening page. When this bug hits it will break your login page, if you list latest members on it.

    My suggestion is to only list members that have uploaded a picture that way you should be able to side step this bug on your login page if it happens again.

    Also if you have the widget, latest members, It will break anyone's profile if the widget is not set to display members with profile pictures. (when this bug hits) This is not a bug in the widget, but the exception being thrown by elgg. I like this widget so am going to keep it however I am going to hard code it so that it can only show members that have uploaded a pic

     

  • I got this issue, it's because a user was deleted wrong. during an update or deleted from the database but not from the site or vice versa. I had seen a post that Cash has some code to add to the error to show which user guid was causing it. don't remember right now. will look tomorrow.

  • Having the GUID only means that we need to go to PhpMyAdmin and browse the database looking for that entity by GUID #. More debug data will make it easier to locate the bad data.


    (1)

    Seeing as how this function "getFilenameOnFilestore(ElggFile $file)" seems to be generating the InvalidParameterException:MissingOwner error.

    In the case of an error
        "throw new InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));

    The mail code will email you the error condition with all the relevant data, not just the GUID,
    but also the owning UserName which does not exist any more so that we have reasonable data
    with which to debug and locate the offending data :=
    //------------------------------------------------------------------------------
        $postvars="";
        foreach( $_POST as $k => $v)
        {
            ${$k} = $_POST["$k"];
            $postvars.=$k . " / " . $v . " / \n ";
        }
        mail(
            "--PUT--YOUR--EMAIL--ID--HERE--@gmail.com"
           ,"(1) getFilenameOnFilestore()"
           ,"(1) getFilenameOnFilestore ( ElggFile ) \n"
               . "[ "
               . $_SERVER["REQUEST_URI"] . " / \n"
               . $file->dir_root . " / \n"
               . $file->filename . " / \n"
               . get_loggedin_user() . " / \n"
               . " ]" . " / \n"
               . $postvars
               ."::::END:::"
            );
    //------------------------------------------------------------------------------

    The idea of sending an email with the debug data means we don't have to go looking for the error logs, etc. The "Error Log" is sent to the admin via email in real-time.

    A few other fields have been added current URI, POST vars which can tell the admin more details -- who, how, where , what --  was happening at the time of the error.

    We need a live site where this problem happens reasonably frequently to get meaningful debug data.

    Could also write some php code to scan Elgg File entities for groups and look for missing owners just as filestore.php --> entities.php does it and print out anomalies.

     

     

     

  • This is interesting

    go here and type Master Jack (not malaga) into the member name search, then click the icon that appears

    http://community.elgg.org/mod/members/index.php

  • "  Sorry; we could not find the specified profile. "

    Now..
    you gotta tell me what you've done to get this situation.
    also the UserName does look like it should be illegal.

    get_user_by_username() is failing even though the member name search succeeds.

    we may be on to something here...