Avatar

Message for upgradeable version in the admin panel (Technics)

by Auge ⌂, Monday, April 16, 2018, 13:29 (2174 days ago)

Hello

I see a weird status of the upgrade-message in a MLF-based forum. The text in the box states, that I can download the version 2.4.8 even the box above states, that the newer version 2.4.9 is installed.

[image]

In my own forum on projekt-mlf.de the messages are correct because I didn't perform the update.

[image]

The wrong message is no showstopper, nevertheless I'm curious why this happens. :-)

Weird, weird, weird ...

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Monday, April 16, 2018, 14:01 (2174 days ago) @ Auge

Hi,

I update the forum software yesterday(?).

On my own forum, a wrong URI is shown, i.e.:

https://github.comhttps//github.com/ilosuna/mylittleforum/releases/tag/2.4.9

on another forum, I have the same problem like here (wrong version number). Maybe, there is a problem with the "uri parser"?!

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Auge ⌂, Monday, April 16, 2018, 19:38 (2173 days ago) @ Micha

Hello

On my own forum, a wrong URI is shown, i.e.:

https://github.comhttps//github.com/ilosuna/mylittleforum/releases/tag/2.4.9

I can confirm the issue after a view into my forum (code is taken from the backup function).

'last_version_check', '2.4.9', '2018-04-16 03:04:53' // the check was made on schedule
'last_version_uri', 'https://github.comhttps://github.com/ilosuna/mylittleforum/releases/tag/2.4.9', '' // I've also a broken URL

Maybe, there is a problem with the "uri parser"?!

Obviously it is. :-(

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Monday, April 16, 2018, 21:11 (2173 days ago) @ Auge

Hi,

okay, Github seems change the feed. Our current code is:

$baseURI = "https://github.com";
// ...
$release = (object) array(
 'title'   => (string)$title[0],
 'content' => (string)$content[0],
 'version' => (string)$lastVersion,
 'uri'     => $baseURI . (string)$releaseURI[0]->href
);

The $baseURI is set on top of the uri. In the previous version of the feed, the $releaseURI[0]->href was a relative uri, but now, it is an absolute one. Thus, I remove the variable in #372.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Auge ⌂, Tuesday, April 17, 2018, 07:07 (2173 days ago) @ Micha

Hello

okay, Github seems change the feed. Our current code is:

I remove the variable in #372.

Thank you. The issue with the unreliable actualisation stays unsolved at the moment, doesn't it?

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Tuesday, April 17, 2018, 07:24 (2173 days ago) @ Auge

Hi,

The issue with the unreliable actualisation stays unsolved at the moment, doesn't it?

Yes, if you 2.4.9 is installed but 2.4.8 is shown in admin panel. The function getExternalResource($url) returns false.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Auge ⌂, Tuesday, April 17, 2018, 08:13 (2173 days ago) @ Micha

Hello

The issue with the unreliable actualisation stays unsolved at the moment, doesn't it?


Yes, if you 2.4.9 is installed but 2.4.8 is shown in admin panel. The function getExternalResource($url) returns false.

Ah, it's not an issue wit the execution of the function itself but with it's return value. So it's a low-pressure-issue (IMHO). Thank you for your investigation.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Tuesday, April 17, 2018, 08:26 (2173 days ago) @ Auge

Hi,

Ah, it's not an issue wit the execution of the function itself but with it's return value. So it's a low-pressure-issue (IMHO). Thank you for your investigation.

Yes. Two problems occur: 1. the uri in atom feed was changed and 2. we have a problem with out function that reads external resources. The first one is solved (until github changed the content). The second one is new - maybe a HTTPS issue - and needs further investigations.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Tuesday, April 17, 2018, 19:40 (2172 days ago) @ Auge

Hi,

I start a test on my local WAMP installation. All three implementations in getExternalResource($url) works fine and return the feed content - ignore my comment.

I analysed the function and I believe, I found the reason of the problem. The critical line is:

if ($lastVersion != $currentVersion && $updateDateOfActualVersion > $updateDateOfInstalledVersion) {

$currentVersion contains the current installed version of the software and $lastVersion contains the last available version on github. If the forum is updated before the daily schedule was run, the if-condition fails (because of '2.4.9' != '2.4.9' --> false). The same problems exists on the condition of $updateDateOfActualVersion and $updateDateOfInstalledVersion. Whereas $updateDateOfActualVersion contains the date of the last available version on github, $updateDateOfActualVersion contains the date of installed version - taken from the feed, too. This condition also return false, if the forum is updated before the daily schedule was run.

We should remove the condition or using a further function argument, that contains the last version of the 'temp_infos' table (in addition to the installed version number). If we remove the condition, a sql update runs every day, i.e. the following code is executed

if ($latestRelease !== false) {
    @mysqli_query($connid, "INSERT INTO ".$db_settings['temp_infos_table']." (`name`, `value`, `time`) VALUES ('last_version_check', '" . mysqli_real_escape_string($connid, $latestRelease->version) . "', NOW()) ON DUPLICATE KEY UPDATE `value` = '" . mysqli_real_escape_string($connid, $latestRelease->version) . "', `time` = NOW();");
    @mysqli_query($connid, "INSERT INTO ".$db_settings['temp_infos_table']." (`name`, `value`) VALUES ('last_version_uri', '" . mysqli_real_escape_string($connid, $latestRelease->uri) . "') ON DUPLICATE KEY UPDATE `value` = '" . mysqli_real_escape_string($connid, $latestRelease->uri) . "';");
   }

In my opinion, it is a reasonable change.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Wednesday, April 18, 2018, 07:59 (2172 days ago) @ Micha

Hi,

an alternative way is to update the 'temp_infos' table within the forum update routine. To force the daily schedule, we can set the 'date' to zero.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Auge ⌂, Friday, April 20, 2018, 09:46 (2170 days ago) @ Micha

Hello

I will stay off during the next days because of a medicinal issue. Thatswhy my approvements and further thoughts only in short.

I analysed the function and I believe, I found the reason of the problem. The critical line is:

if ($lastVersion != $currentVersion && $updateDateOfActualVersion > $updateDateOfInstalledVersion) {

$currentVersion contains the current installed version of the software and $lastVersion contains the last available version on github. If the forum is updated before the daily schedule was run, the if-condition fails (because of '2.4.9' != '2.4.9' --> false).

If I understand your words, this is the comparision to decide if the new values (version number and date) should be stored in the temp-settings-table? It seems wrong to me if the value get's compared with (only?) the installed version instead with the old value in the temp-settings-table (with the exception of no run of this check and therefore no value in the temp-settings-table).

The same problems exists on the condition of $updateDateOfActualVersion and $updateDateOfInstalledVersion. Whereas $updateDateOfActualVersion contains the date of the last available version on github, $updateDateOfActualVersion contains the date of installed version - taken from the feed, too.

What, if the installed version is not part of the feed? In the actual situation all versions, that are to old to be part of the feed can't check the version, so now it's not a problem. But in the future one could operate a forum with a 2.4.x-version (version-check-capable) and the feed could be continued to far because of the many meanwhile released versions. It might be an idea to store the date of the last succeeded run of a software update and take this into accout of the comparision.

We should remove the condition or using a further function argument, that contains the last version of the 'temp_infos' table (in addition to the installed version number).

approved

If we remove the condition, a sql update runs every day, i.e. the following code is executed

With an additional check against the last version from temp_infos we have not to do this by default …

if ($latestRelease !== false) {
@mysqli_query($connid, "INSERT INTO ".$db_settings['temp_infos_table']." (`name`, `value`, `time`) VALUES ('last_version_check', '" . mysqli_real_escape_string($connid, $latestRelease->version) . "', NOW()) ON DUPLICATE KEY UPDATE `value` = '" . mysqli_real_escape_string($connid, $latestRelease->version) . "', `time` = NOW();");
@mysqli_query($connid, "INSERT INTO ".$db_settings['temp_infos_table']." (`name`, `value`) VALUES ('last_version_uri', '" . mysqli_real_escape_string($connid, $latestRelease->uri) . "') ON DUPLICATE KEY UPDATE `value` = '" . mysqli_real_escape_string($connid, $latestRelease->uri) . "';");
}

In my opinion, it is a reasonable change.

… but the idea to use INSERT ON DUPLICATE KEY UPDATE is in general worth a second and third view.

Tschö, Auge

PS: I ran for the second time during the last weeks into the trap of getting the message "No Authorization" (only this one sentence) when I wanted to use the preview-button. The message was not formatted in the forums template so I think, it's a message from the server itself and not from the forum software.

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Friday, April 20, 2018, 10:35 (2170 days ago) @ Auge

Hi,

If I understand your words, this is the comparision to decide if the new values (version number and date) should be stored in the temp-settings-table?

Yes, but I think, we can skip this part because only two SQL statements must be applied a day. This is not a performance issue. ;-)

It seems wrong to me if the value get's compared with (only?) the installed version

The user like to know, if the installed version becomes outdated.

What, if the installed version is not part of the feed?

The time is set to zero and $updateDateOfActualVersion > $updateDateOfInstalledVersion becomes true. This is not a problem.

In the actual situation all versions, that are to old to be part of the feed can't check the version, so now it's not a problem.

You are wrong. If the installed version is e.g. 1.0.0 and outside the feed content, the condition returns true, because of the first statement in

if ($lastVersion != $currentVersion && ...

With an additional check against the last version from temp_infos we have not to do this by default …

If we remove the condition, a sql update is preformed. If we add the values from the 'temp_infos' table, we need a further sql select. In total, the number of sql queries are on the same size.

… but the idea to use INSERT ON DUPLICATE KEY UPDATE is in general worth.

worth to what? Remember, this statement runs ones a day.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

No authorisation - message

by Micha ⌂, Saturday, April 21, 2018, 15:07 (2169 days ago) @ Auge

Hi,

PS: I ran for the second time during the last weeks into the trap of getting the message "No Authorization" (only this one sentence) when I wanted to use the preview-button. The message was not formatted in the forums template so I think, it's a message from the server itself and not from the forum software.

This message comes from the software. There are some calls of

die('No authorisation!');
  • posting.inc.php (4 hits)
  • register.inc.php (1 hit)

(as well as in english.lang).

The critical part seems the check for csrf_token or the session, i.e. (posting.inc.php):

case 'posting_submitted': // is used for preview, too
 if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token'])
  die('No authorisation!');

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Micha ⌂, Monday, April 16, 2018, 15:38 (2174 days ago) @ Auge

Hi,

I take a look to the database of this forum:

last_version_check
2.4.8
2018-02-19 02:30:07

How often the check is running?

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Message for upgradeable version in the admin panel

by Auge ⌂, Monday, April 16, 2018, 18:13 (2174 days ago) @ Micha

Hello

I take a look to the database of this forum:

last_version_check
2.4.8
2018-02-19 02:30:07

How often the check is running?

Normally it should run once a day with the daily tasks with the first request after daily_action_time. But especially in seldom used or internal forums (i.e. in an intranet) I observed the problem of an unreliable actualisation. If we could presume a mechanism like cronjob (Unixoids) or planned tasks (Windows), we could rebuild the action-call.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

RSS Feed of thread