Package Manager problem found. Fixed!! Patch inside!

[asymmetric]

I posted this in the other thread, but at 34 pages, I'm not sure if you're keeping tabs on it or not.. I have however found the problem, and it's not a server/php configuration issue -- it's a bug in Sources/Subs-Package.php.  Here is my quoted post from the other thread, I apologize in advance for the dupe.

--snippage--

Since 1.1.2 I cannot "download" packeages with the package manager, I always get the "This package is not comaptible woth your version or is corrupt" message, but if I download them from the mod site then use the upload facility, they work fine ?

Any thoughts ?

I am having the same problem, on a fresh install of SMF 1.1.2, on my own (not shared etc) server.  PHP is not running in safe_mode, and allow_url_fopen is on in php.ini.

I have narrowed the problem down to this simple fact, and would appreciate any ideas on a fix..

When trying to fetch the package to verify it, the code in Sources/Subs-Package.php, function "fetch_web_data", issues a hand-crafted HTTP GET of the specified file..

It ONLY works if the server returns a 200.

Well, ALL the download links point to "http://mods.simplemachines.org/...." and they all respond with a 301 - Permanently Moved and redirect (works in a normal browser) "http://custom.simplemachines.org/..."

Of course, that causes the function to simply return false right there, and that's all she wrote.  Installation fails because this hand-crafted HTTP GET function does not understand how to deal with HTTP redirects.

Somebody at SMF decided to do this, renaming 'mods' to 'custom', not knowing they were going to break every install of SMF, which they did, because of this lunatic method of getting files to "get around" allow_url_fopen();

No, not crazy, and it's not any of "our" fault....

Unknown.. Paging unknown..

I will try to come up with a patch myself since this is really crippling getting this fresh install going with the packages I want..

(edit: They return a 301, not a 302, but same thing.  It's not a 200 or 201 which are the only HTTP responses this function knows how to deal with.  It dies on anything else.)

[asymmetric]

Ok, here's a patch to Sources/Subs-Package.php in unidiff format, it works for me and adds HTTP 3xx support.

What it does is looks for a 3xx (actually 301, 302, 303, 307) if a 200 or 201 are not returned.  If it finds one, it looks for a Location: header.  If the Location header is found, the function recurses (calls itself) with the value of the Location: header as the new URL to download.

Failing all the above, it simply returns false as usual.

.diff is an attachment as it is important to preserve the difference between spaces and tabs.  Here's what it looks like if you want to roll your own though:

Code Select Expand


--- Sources/Subs-Package.php.orig       Mon Mar 19 21:14:16 2007
+++ Sources/Subs-Package.php    Mon Mar 19 21:33:44 2007
@@ -2189,7 +2189,23 @@
                // Make sure we get a 200 OK.
                $response = fgets($fp, 768);
                if (strpos($response, ' 200 ') === false && strpos($response, ' 201 ') === false)
-                       return false;
+               {
+                       // handle http redirects (some of them anyway)
+                       if (preg_match('/ 30[1237] /', $response) != 0)
+                       {
+                               while (!feof($fp) && trim($header = fgets($fp, 4096)) != '')
+                               {
+                                       if (preg_match('/location:\s+([a-zA-Z0-9\:\/\._-]+)/i', $header, $match) != 0)
+                                       {
+                                               // lets get recursive.
+                                               return fetch_web_data($match[1], '', $keep_alive);
+                                       }
+                               }
+                               return false; // default out
+                       } else {
+                               return false;
+                       }
+               }

                // Skip the headers...
                while (!feof($fp) && trim($header = fgets($fp, 4096)) != '')


[KGIII]

Thanks for letting us know what worked for you - I have gone ahead and posted a link to this in the dev team section. I will mark this as solved but hopefully they will come look and comment on it when they get the time to compare.

[Oldiesmann]

Easiest way to fix the issue is to update the URL for that package server, which can be done by running this query in phpMyAdmin:

Code Select Expand

UPDATE smf_package_servers SET url='http://custom.simplemachines.org/mods' WHERE name='Simple Machines Third-Party Mod Site';

Thanks for the report though. I'll look into posting a sticky about this somewhere so others who are having the same problem will know how to fix it.

[asymmetric]

Easiest way to fix the issue is to update the URL for that package server, which can be done by running this query in phpMyAdmin:

Code Select Expand

UPDATE smf_package_servers SET url='http://custom.simplemachines.org/mods' WHERE name='Simple Machines Third-Party Mod Site';

Thanks for the report though. I'll look into posting a sticky about this somewhere so others who are having the same problem will know how to fix it.

Any chance of getting it rolled into the release or next patch kit?  The problem in the function is still real, and any other sites that people use to get packages from will suffer as well if they go through a similar DNS change.  All around I think it would just be better if it supported the 3xx codes..

[Oldiesmann]

I'll talk to the devs about this and see what they want to do. It's not really a security issue, so I doubt they'll have a problem with it.

[asymmetric]

Just bumping to see if there's been any movement on this from the dev side..

[Sebastyne]

Easiest way to fix the issue is to update the URL for that package server, which can be done by running this query in phpMyAdmin:

Code Select Expand

UPDATE smf_package_servers SET url='http://custom.simplemachines.org/mods' WHERE name='Simple Machines Third-Party Mod Site';

Thanks for the report though. I'll look into posting a sticky about this somewhere so others who are having the same problem will know how to fix it.

This worked like a charm!

[llockejr]

Easiest way to fix the issue is to update the URL for that package server, which can be done by running this query in phpMyAdmin:

Code Select Expand

UPDATE smf_package_servers SET url='http://custom.simplemachines.org/mods' WHERE name='Simple Machines Third-Party Mod Site';

Thanks for the report though. I'll look into posting a sticky about this somewhere so others who are having the same problem will know how to fix it.

This post solved my issue, thanks again.