News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SMF 2.0 security - What PHP script (if any) might cause a 600 second timeout?

Started by archiebald, June 23, 2011, 06:45:58 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

archiebald

June 23, 2011, 06:45:58 PM
NOTHING HAS CHANGD ON MY SERVER SO PLEASE DON'T MOVE THIS.

My forum is used for transferring large files up to 200MB that can take more than 1-2 hours depending on my members download speeds..

In SMF 1.113 I had all the necessary timeouts set up on the server to allow this.

After the upgrade to SMF 2, I have downloads being cut off at exactly 10 minutes - 600 seconds.

QUESTION - is there anything in the php scripts of SMF with regard to improved security in either SMF 1.1.13 and more particularly in SMF 2.0 that might cause this.

Server is Win 2003 with IIS6

archiebald

#1
June 23, 2011, 09:16:38 PM Last Edit: June 23, 2011, 09:29:31 PM by archiebald
JUST AS I THOUGHT!!!!! ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D

JUST SPENT 14 hours working on this problem and I am not amused!!!!

I installed a clean version of my previous SMF vesion1.1.14 on my server which runs under the exact same PHP.ini settings as my 2.0 setup.

Files of up to 192MB can be uploaded and downloaded with no trouble. (no surprise because that is how I had the server set up).

So now I knew it was a problem specific to something in SMF 2.0.

Then by accident, I found the php-errors.log file on my server and took a look through it.  WOW, wonderful stuff!!!

Here is the incriminating evidence.... Multiple lines of the same error....

[23-Jun-2011 17:03:48] PHP Fatal error:  Maximum execution time of 600 seconds exceeded in C:\Inetpub\wwwroot\forum\Sources\Display.php on line 1438

So I took a look at Display.php and what should I find on line starting from line 1401 to line 1441 but....
Code Select
// Try to buy some time...
@set_time_limit(600);

// Recode line endings for text files, if enabled.
if (!empty($modSettings['attachmentRecodeLineEndings']) && !isset($_REQUEST['image']) && in_array($file_ext, array('txt', 'css', 'htm', 'html', 'php', 'xml')))
{
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false)
$callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r\n", $buffer);');
elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') !== false)
$callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r", $buffer);');
else
$callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\n", $buffer);');
}

// Since we don't do output compression for files this large...
if (filesize($filename) > 4194304)
{
// Forcibly end any output buffering going on.
if (function_exists('ob_get_level'))
{
while (@ob_get_level() > 0)
@ob_end_clean();
}
else
{
@ob_end_clean();
@ob_end_clean();
@ob_end_clean();
}

$fp = fopen($filename, 'rb');
while (!feof($fp))
{
if (isset($callback))
echo $callback(fread($fp, 8192));
else
echo fread($fp, 8192);
flush();
}
fclose($fp);
}
Notice the first two lines....
// Try to buy some time...
@set_time_limit(600);

And in 1.1.14 the same line of code is....
Code Select
// Try to buy some time...
@set_time_limit(0);

Resetting line 1402 back to zero solved the problem entirely in my 2.0 forum.

So, it seems to me that for whatever reason SMF2.0 is being hobbled to 10 minutes of download time.  Important piece of info for anyone that like me uses their forum with big attachments.

REQUEST - PLEASE DON'T HARD CODE TIME LIMITS - PLEASE PUT THEM IN THE ADMIN SETTINGS IN THE NEXT RELEASE.

Print
Go Up Pages1
User actions
Advertisement: