Project

General

Profile

Actions

Bug #81159

closed

Extension import marks multiple extension versions as "current versions"

Added by Michael Schams over 7 years ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Extension Manager
Target version:
-
Start date:
2017-05-07
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
7
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Extension import from TER (more precisely the "extensions.xml.gz" file parser) marks multiple extension versions as current versions.
However, only one version can be current.

Example: EXT:wiris_plugin

See attached screenshot0001.png
This is the XML file that gets imported into the TYPO3 instance. The example extension shows two versions. The first version is "3.53.3-1157", see marker (1), the second version is "3.53.3", see marker (2).

See attached screenshot0002.png
This is the imported data in table "tx_extensionmanager_domain_model_extension". Both versions are marked as "current_version = 1", see marker (3), but only version "3.53.3" should be the current version due to the fact that this version was uploaded later (lastuploaddate: 1429773206).

It is obvious that the unusual version string ("3.53.3-1157") likely causes this issue.


Files

screenshot0001.png (71.7 KB) screenshot0001.png Michael Schams, 2017-05-07 03:15
screenshot0002.png (36.5 KB) screenshot0002.png Michael Schams, 2017-05-07 03:15
issue81159.mp4 (3.65 MB) issue81159.mp4 Michael Schams, 2020-10-15 04:53
Actions #1

Updated by Michael Schams over 7 years ago

Note: if I remember correctly, the extension importer converts the version strings into integer values and uses the highest value as the current version ("3.53.3" => "3053003").
This would explain why two versions "3.53.3-1157" and "3.53.3" mess up this logic. Both strings possibly result in "3053003".

Actions #2

Updated by Oliver Bartsch about 4 years ago

  • Status changed from New to Needs Feedback

Hi Michael,

I tried to reproduce this using following SQL statement:

SELECT extension_key, count(*) as count FROM tx_extensionmanager_domain_model_extension WHERE current_version=1 GROUP BY extension_key HAVING count>1 ORDER BY count DESC;

There is no extension_key with a count greater than 1 currently. There was recently some refactoring of the whole EM done. Maybe this has already resolved the issue.

Furthermore it's according to docs and TER not valid to upload a version in this syntax ("3.53.3-1157").

// https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ExtensionArchitecture/DeclarationFile/Index.html#declaration-file-ext-emconf-php

Version of the extension. Automatically managed by EM / TER. Format is [int].[int].[int]
// https://extensions.typo3.org/my-extensions/extension-upload/

Please notice that the version number in ext_emconf.php must match the version number in the filename.

Linux (Shell): zip -r ../my_extension_key_x.y.z.zip *
OS X (Shell): zip -r ../my_extension_key_x.y.z.zip *

Could you therefore please have a look if you are still able reproduce this?

Actions #3

Updated by Michael Schams about 4 years ago

I just re-tested the issue and I can confirm that the bug still exists in v10.4.9. The XML Importer of the Extension Manager imports polluted data and marks multiple extension versions as "current version".

However, in a standard installation, the result of the bug is no longer apparent today (more than three years after I reported this issue). This is because of three reasons:

1) It seems that the TER team fixed most of the invalid extension versions. So the extensions.xml.gz file is much cleaner today.
2) The TER possibly filters invalid version strings when users upload extensions today (not tested!).
3) The Extension Manager only imports extensions younger than 04 April 2017 and ignores all extensions older than this date (this is hard-coded).

I recorded my tests (see attached file issue81159.mp4). It shows the following steps:

- Fresh installation of TYPO3 v10.4.9 using the traditional installation method.
- Show that the database table tx_extensionmanager_domain_model_extensions is empty (0 records).
- Apply a core patch that bypasses the aforementioned restriction to only import extensions newer than 04/2017.
- Import extension list using the Extension Manager in the TYPO3 BE.
- Show that the database table tx_extensionmanager_domain_model_extensions now contains all extensions (49,000+ records).
- Show that extension EXT:wiris_plugin has two versions, both are marked as "current version".
- Show that this is the only extension with this issue.

Although the problem does not occur in modern TYPO3 versions anymore, the core still has this bug and is vulnerable to invalid version strings in the extensions.xml.gz file.

I will check with the TER team if they can delete the invalid version of EXT:wiris_plugin from the TER. However, this does not fix the bug in the TYPO3 core of course. In case the data that is imported through the Extension Manager shows invalid version strings (for whatever reason), this may result in issues in TYPO3 instances. Following the principle of not trusting any input data, this bug is still open and should be fixed from my perspective.

Core patch used to import all extensions: see GitHub

Actions #4

Updated by Oliver Bartsch about 4 years ago

  • Status changed from Needs Feedback to Accepted

Thanks for the detailed feedback.

Actions #5

Updated by Michael Schams about 4 years ago

FYI: the TER team changed the version of EXT:wiris_plugin from 3.53.3-1157 to 3.53.2.
This is great, as this cleans up the data in extensions.xml.gz, but I suspect it makes it harder to test a possible fix for the issue described in this ticket :-)

Actions #6

Updated by Georg Ringer 5 months ago

  • Status changed from Accepted to Closed

hey michael,

I stumbled upon this issue and close it as I couldn't reproduce it and as you said, the xml is cleaned up. hope this is fine for you, otherwise don't hesitate to contact me via slack

Actions

Also available in: Atom PDF