From liam.gretton at leicester.ac.uk Thu Jul 1 09:26:23 2021
From: liam.gretton at leicester.ac.uk (Gretton, Liam)
Date: Thu, 1 Jul 2021 08:26:23 +0000
Subject: [ZendTo] Incoming folder filling up
In-Reply-To:
References: <57e2ceab-fe3b-e3d5-e130-a6964c870c9b@Zend.To>
Message-ID:

Hi Jules,

Yes, that's pretty much it. I use the tarball download of ZendTo rather than the installer, and must have overlooked a step somewhere, as I haven't got that cronjob at all. I'll pick it apart and see if there's anything else I've overlooked.

Thanks very much for your help as always,

Liam

Liam Gretton
Systems Specialist
IT Services,
University of Leicester, University Road, Leicester, LE1 7RH, UK
t: +44 (0)116 252 2254
e: liam.gretton at leicester.ac.uk
w: www.le.ac.uk

From: Jules
Sent: 30 June 2021 11:24
To: ZendTo Users
Cc: Gretton, Liam
Subject: Re: [ZendTo] Incoming folder filling up

Hi Liam,

In /etc/cron.d/zendto you should see, among other lines, a "find" command which does this:
5 */4 * * * root find -H /var/zendto/incoming -type f -mmin +1440 -delete >/dev/null 2>&1

Every 4 hours, at 5 minutes past the hour, that should delete all files in the "/var/zendto/incoming" directory that are more than 24 hours (1440 minutes) old.

Check your /etc/cron.d/zendto has that line, which 6.03-5 certainly should have.
Have you moved the /var/zendto/incoming directory to somewhere else? If so, fix the path in this line or ensure there is a link from /var/zendto/incoming to wherever your "incoming" directory is now.

Cheers,
Jules.

On 23/06/2021 11:52, Gretton, Liam via ZendTo wrote:

Hi,

I've only just noticed that over the last few months the Filedrop incoming folder has accumulated hundreds of files. The files in question don't appear to match what's in the dropoff area (obviously those older than a couple of weeks are no longer dropoffs anyway). Therefore I guess these left-over files are a result of interrupted or abandoned uploads.

Does Filedrop have a mechanism for clearing up the incoming folder? I'm not sure of the mechanism for recognising a completed upload and turning it into a dropoff, and how this could go wrong. The start of the problem roughly coincides with the point that AV (not ClamAV) was installed on the server: could the AV be locking the file and preventing Filedrop from deleting it?

If there's not an existing mechanism to clean this folder up I'll create a simple cron job to delete old files there. Would I be right in thinking that there should only ever be in-flight uploads present there?

I'm still on 6.03-5, planning to upgrade over the summer.

Thanks,

Liam

(I first sent this to the list on June 18 but it didn't appear)

_______________________________________________
ZendTo mailing list
ZendTo at zend.to
http://jul.es/mailman/listinfo/zendto

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'I have lost friends, some by death ... others through sheer inability to cross the street.' - Virginia Woolf
www.Zend.To
Twitter: @JulesFM

From jules at zend.to Thu Jul 1 09:42:18 2021
From: jules at zend.to (jules at zend.to)
Date: Thu, 1 Jul 2021 09:42:18 +0100
Subject: [ZendTo] Incoming folder filling up
In-Reply-To:
References: <57e2ceab-fe3b-e3d5-e130-a6964c870c9b@Zend.To>
Message-ID:

Hi Liam,

There are changes made by the rpm and deb packages that add to /etc/profile.d (sets "ZENDTOPREFS"), /etc/logrotate.d (rotates the /var/log/zendto log files), and /etc/cron.d.

I've attached the file that needs to go into /etc/cron.d which does all the regular housekeeping tasks.

Cheers,
Jules.

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Remember me when I am gone away,
Gone far away into the silent land;
When you can no more hold me by the hand,
Nor I half turn to go yet turning stay.
Remember me when no more day by day
You tell me of our future that you planned:
Only remember me; you understand
It will be late to counsel then or pray.
Yet if you should forget me for a while
And afterwards remember, do not grieve:
For if the darkness and corruption leave
A vestige of the thoughts that once I had,
Better by far you should forget and smile
Than that you should remember and be sad.'
- Christina Rossetti
www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
5 0 * * * root /usr/bin/php /opt/zendto/sbin/cleanup.php /opt/zendto/config/preferences.php >/dev/null 2>&1
25 * * * * root /usr/bin/php /opt/zendto/sbin/cleanup.php /opt/zendto/config/preferences.php --no-warnings >/dev/null 2>&1
15 0 * * * root /usr/bin/php /opt/zendto/sbin/emailSummary.php /opt/zendto/config/preferences.php >/dev/null 2>&1
5 */4 * * * root find -H /var/zendto/incoming -type f -mmin +1440 -delete >/dev/null 2>&1
1 1 * * * root /usr/bin/php /opt/zendto/sbin/rrdInit.php /opt/zendto/config/preferences.php 2>&1 | /bin/grep -iv 'illegal attempt to update using time'
3 3 * * * root /usr/bin/php /opt/zendto/sbin/rrdUpdate.php /opt/zendto/config/preferences.php 2>&1 | grep -v '^[0-9]*x[0-9]*$'

From Jules at Zend.To Fri Jul 2 09:18:15 2021
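
A dry-run audit of the housekeeping described in the "Incoming folder filling up" thread above, added here as an example (it is not part of the original messages and not ZendTo's own code): it checks cron.d text for the `find ... -delete` entry covering the incoming directory and lists the abandoned upload files that entry would remove. The function names and the constructed sample directory are assumptions.

```python
import os
import shlex
import stat
import tempfile
import time

# Constructed sample: two entries in the format of the cron.d file in this thread.
SAMPLE_CRON = """\
5 0 * * * root /usr/bin/php /opt/zendto/sbin/cleanup.php /opt/zendto/config/preferences.php >/dev/null 2>&1
5 */4 * * * root find -H /var/zendto/incoming -type f -mmin +1440 -delete >/dev/null 2>&1
"""


def find_cleanup_entries(cron_text, incoming):
    """Return [(schedule, minutes)] for cron.d entries that run
    `find ... <incoming> ... -mmin +N ... -delete`."""
    wanted = os.path.normpath(incoming)
    hits = []
    for line in cron_text.splitlines():
        fields = line.split(None, 6)  # 5 schedule fields, user, command
        if len(fields) < 7 or line.lstrip().startswith("#"):
            continue
        try:
            argv = shlex.split(fields[6])
        except ValueError:  # unbalanced quotes: not an entry we can judge
            continue
        if not argv or os.path.basename(argv[0]) != "find":
            continue
        if "-delete" not in argv or "-mmin" not in argv[:-1]:
            continue
        # A moved incoming directory with an unchanged cron path fails here.
        if wanted not in [os.path.normpath(a) for a in argv[1:]]:
            continue
        age = argv[argv.index("-mmin") + 1]
        if age.startswith("+") and age[1:].isdigit():
            hits.append((" ".join(fields[:5]), int(age[1:])))
    return hits


def stale_files(incoming, minutes, now=None):
    """Dry run approximating `find -H incoming -type f -mmin +minutes`:
    regular files (symlinks below the top directory are not followed)
    whose mtime is more than `minutes` old. Nothing is deleted."""
    cutoff = (time.time() if now is None else now) - minutes * 60
    found = []
    for root, _dirs, names in os.walk(incoming):
        for name in names:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                found.append(path)
    return sorted(found)


def audit(cron_text, incoming):
    """Report whether the cleanup job exists and what it would delete now."""
    entries = find_cleanup_entries(cron_text, incoming)
    minutes = entries[0][1] if entries else 1440  # the thread's 24-hour value
    is_dir = os.path.isdir(incoming)  # follows a symlink, like find -H
    return {
        "cron_entry_present": bool(entries),
        "incoming_is_dir": is_dir,
        "stale": stale_files(incoming, minutes) if is_dir else [],
    }


def demo():
    """Constructed test bed: one abandoned upload (25 h old), one in flight."""
    with tempfile.TemporaryDirectory() as tmp:
        old = os.path.join(tmp, "abandoned.part")
        new = os.path.join(tmp, "inflight.part")
        for path in (old, new):
            open(path, "wb").close()
        aged = time.time() - 25 * 3600
        os.utime(old, (aged, aged))
        cron = SAMPLE_CRON.replace("/var/zendto/incoming", shlex.quote(tmp))
        with_job = audit(cron, tmp)
        without_job = audit(SAMPLE_CRON.splitlines()[0], tmp)  # no find entry
        names = [os.path.basename(p) for p in with_job["stale"]]
        return (with_job["cron_entry_present"],
                without_job["cron_entry_present"], names)


if __name__ == "__main__":
    print(demo())
```

Run against the real /etc/cron.d/zendto text and incoming path, a missing entry together with a non-empty stale list matches the situation reported in this thread.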
From: Jules at Zend.To (Jules)
Date: Fri, 2 Jul 2021 09:18:15 +0100
Subject: [ZendTo] Potential SQL injection vulnerability?
In-Reply-To:
References: <40C106B1-B23C-4834-85B1-65928139A230@neilzone.co.uk> <394a349b-1316-4bfd-2a32-bd64523efb73@Zend.To>
Message-ID:

Hi Mark,

Thanks for that more detailed analysis.

All changelocale.php does with the getdata/postdata input is put it into $_GET and $_POST of the script that rendered the page (having switched language). All the checking of the GET/POST data is done by the other scripts. So if there are no problems with the input handling of the other scripts, changelocale can't add any problems.

Yes, its HTML output will mirror its input (including GET/POST parameters) but it doesn't actually do anything itself with that data, it just passes it through.

So I still think this is a false positive.

Cheers,
Jules.

On 30/06/2021 13:10, Sangster, Mark via ZendTo wrote:
> Hello,
>
> I tested this myself...
>
> Visiting: /pickup.php?getdata=[123]
>
> Results in this in the source: ... id="getdata" value="{"getdata":"[123]"}"/>'+
>
> So, whilst pickup.php doesn't use the variable, it does cause it to be set in the which would then POST to changelocale.php via JS.
>
> It is also possible to set the postdata variable for example with curl:
>
> $ curl -s --data "postdata=[123]" https:// /pickup.php | grep 123
>
> ' value="{"postdata":"[123]","auth":"0fbecdfffe9da3c642a74605325c944b"}"/>');
>
> The data is encoded but it seems like it is normally encoded as it is (noting the auth). It might be feasible to craft something to impact changelocale.php depending on how it handles sanitising the getdata/postdata input.
>
> If it is unexpected to accept input from GET/POST to pickup.php, then it shouldn't be set and passed to changelocale.php.
>
> I presume the detection it made was simply that the submitted string appears in the source.
>
> Cheers
>
> Mark
>
> From: ZendTo On Behalf Of Jules via ZendTo
> Sent: 30 June 2021 12:02
> To: ZendTo Users
> Cc: Jules
> Subject: Re: [ZendTo] Potential SQL injection vulnerability?
>
> CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments. If you are concerned forward this email to spam at abdn.ac.uk
>
> Hi Neil,
>
> Curious.
>
> What I can definitely say is that "pickup.php" does not have a parameter called "getdata", so you can set that to anything you like and it shouldn't have any effect whatsoever.
>
> "changelocale.php" does, but that's not where they found any problem.
>
> And even in "changelocale.php" it isn't recognised as a GET parameter, only a POST. So again, setting it in the URL can't have any effect.
>
> So I would say this is a false positive.
>
> Cheers,
> Jules.
>
> On 24/06/2021 09:54, Neil via ZendTo wrote:
> > Hello Jules
> >
> > I've conducted an OWASP web application test against our installation of zend.to, using ZAP (https://www.zaproxy.org).
> >
> > It has indicated one potential high risk, as a potential SQL injection vulnerability.
> >
> > Do you have any thoughts on this, and whether it is a false positive, please?
> >
> > Best wishes
> >
> > Neil
> >
> > Description: SQL injection may be possible.
> >
> > URL: https://filetransfer.decoded.legal/pickup.php?getdata=[long URL-encoded query string omitted]
> > Method: GET
> > Parameter: getdata
> > Attack: []' AND '1'='1
> >
> > URL: https://filetransfer.decoded.legal/pickup.php
> > Method: POST
> > Parameter: claimID
> > Attack: ZAP" AND "1"="1" --
> >
> > Instances: 2
> >
> > Solution:
> >
> > Do not trust client side input, even if there is client side validation in place.
> >
> > In general, type check all data on the server side.
> >
> > If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
> >
> > If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
> >
> > If database Stored Procedures can be used, use them.
> >
> > Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
> >
> > Do not create dynamic SQL queries using simple string concatenation.
> >
> > Escape all data received from the client.
> >
> > Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
> >
> > Apply the principle of least privilege by using the least privileged database user possible.
> >
> > In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
> >
> > Grant the minimum database access that is necessary for the application.
> >
> > Other information:
> >
> > The page results were successfully manipulated using the boolean conditions [[]' AND '1'='1] and [[]' AND '1'='2]
> >
> > The parameter value being modified was NOT stripped from the HTML output for the purposes of the comparison
> >
> > Data was returned for the original parameter.
> >
> > The vulnerability was detected by successfully restricting the data originally returned, by manipulating the parameter
>
> Jules
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> 'Once is happenstance, twice is coincidence, three times is enemy action.' - Ian Fleming
> www.Zend.To
> Twitter: @JulesFM
>
> The University of Aberdeen is a charity registered in Scotland, No SC013683.
> Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'We are such stuff as dreams are made on. And our little life is rounded with a sleep.' - Starfleet Admiral Jean-Luc Picard (retired)
www.Zend.To
Twitter: @JulesFM

From zend.to at neilzone.co.uk Tue Jul 6 13:37:09 2021
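
One way to triage the boolean-based finding discussed in the thread above, added here as an example (it is not part of the original messages, and not ZendTo or ZAP code): the report notes that the modified parameter value was not stripped from the HTML before the comparison, so this sketch removes every echoed copy of the probe and compares what is left. `mirror_page` and `filtering_page` are constructed stand-ins rather than the real pickup.php, and the "false" partner of the claimID probe is constructed because the report lists only one value.

```python
import html
import json

# Boolean probe pair quoted in the ZAP report in this thread.
PROBE_TRUE = "[]' AND '1'='1"
PROBE_FALSE = "[]' AND '1'='2"
# claimID probe from the report, plus a constructed "false" partner.
CLAIM_TRUE = 'ZAP" AND "1"="1" -- '
CLAIM_FALSE = 'ZAP" AND "1"="2" -- '


def reflected_forms(value):
    """Encodings in which a page may echo a parameter back: raw,
    HTML-escaped, JSON-escaped, and JSON-escaped then HTML-escaped.
    Longest first, so an inner form is never replaced before an outer one."""
    as_json = json.dumps(value)[1:-1]  # JSON string body without its quotes
    forms = {value, html.escape(value), as_json, html.escape(as_json)}
    return sorted(forms, key=len, reverse=True)


def strip_reflection(body, value, marker="\x00PARAM\x00"):
    """Replace every echoed copy of `value` in `body` with a fixed marker."""
    for form in reflected_forms(value):
        body = body.replace(form, marker)
    return body


def triage(body_true, body_false, probe_true=PROBE_TRUE, probe_false=PROBE_FALSE):
    """Classify a boolean-based finding from the two probe responses."""
    if body_true == body_false:
        return "no-difference"
    if strip_reflection(body_true, probe_true) == strip_reflection(body_false, probe_false):
        return "reflection-only"  # pages differ only where the input is mirrored
    return "differs-beyond-reflection"  # follow the parameter to the query code


def mirror_page(value):
    """Constructed stand-in for a page that only mirrors the parameter into a
    hidden form field, the behaviour described in the thread. No database."""
    state = html.escape(json.dumps({"getdata": value}))
    return ('<form method="post" action="changelocale.php">'
            f'<input type="hidden" id="getdata" value="{state}"/></form>'
            "<p>Please enter the claim ID.</p>")


def filtering_page(value):
    """Constructed contrast: the visible content also changes with the probe."""
    rows = 3 if value.endswith("'1'='1") else 0
    return mirror_page(value) + f"<p>{rows} drop-offs found.</p>"


def run_triage():
    """Verdicts for the mirrored getdata probe, the mirrored claimID-style
    probe (double quotes, so JSON escaping matters) and the contrast page."""
    return (
        triage(mirror_page(PROBE_TRUE), mirror_page(PROBE_FALSE)),
        triage(mirror_page(CLAIM_TRUE), mirror_page(CLAIM_FALSE),
               CLAIM_TRUE, CLAIM_FALSE),
        triage(filtering_page(PROBE_TRUE), filtering_page(PROBE_FALSE)),
    )


if __name__ == "__main__":
    print(run_triage())
```

A "reflection-only" verdict is consistent with the reading that the page just passes the data through; it says nothing about how the scripts that do consume the parameters handle them, and each reported instance needs its own pair of responses.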
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Tue, 6 Jul 2021 13:37:09 +0100
Subject: [ZendTo] PHP Fatal error
References:
Message-ID:

Afternoon everyone

I've attempted to test the latest beta on a box with a pre-existing installation, and I have come across this error (in both the installation routine and in the logs).

PHP Fatal error: Cannot declare class Sql, because the name is already in use in /opt/zendto/lib/SQLite3.php on line 29

I've not been able to work around it, and I haven't come across it before - any thoughts?

Best wishes

Neil

From Jules at Zend.To Tue Jul 6 13:45:22 2021
From: Jules at Zend.To (Jules)
Date: Tue, 6 Jul 2021 13:45:22 +0100
Subject: [ZendTo] PHP Fatal error
In-Reply-To:
References:
Message-ID:

Neil,

According to Google, you suggested the correct fix for this yourself when someone else had the same problem, back in June last year.

Your suggestion was:
"
Do you have sqlite installed for your version of php? (If not, perhaps apt-get install php7.x-sqlite will fix it, replacing x with your php7 sub-version.)
"
in response to which Jake Sallee called you a genius. :-)
http://jul.es/pipermail/zendto/2020-June/004110.html

And while I'm here, the latest release is a Production release, not a beta.

Cheers,
Jules.

On 06/07/2021 13:37, Neil via ZendTo wrote:
> Afternoon everyone
>
> I've attempted to test the latest beta on a box with a pre-existing installation, and I have come across this error (in both the installation routine and in the logs).
>
> PHP Fatal error: Cannot declare class Sql, because the name is already in use in /opt/zendto/lib/SQLite3.php on line 29
>
> I've not been able to work around it, and I haven't come across it before - any thoughts?
>
> Best wishes
>
> Neil

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'One of the deep secrets of life is that all that is really worth doing is what we do for others.' - Lewis Carroll
www.Zend.To
Twitter: @JulesFM

From zend.to at neilzone.co.uk Tue Jul 6 13:55:46 2021
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Tue, 6 Jul 2021 13:55:46 +0100
Subject: [ZendTo] PHP Fatal error
In-Reply-To:
References: <07E7241D-996C-4A2F-A2F2-E17506744212@neilzone.co.uk>
Message-ID:

> On 6 Jul 2021, at 13:45, Jules wrote:

Hello Jules

> According to Google, you suggested the correct fix for this yourself when someone else had the same problem

Aargh.

Best wishes

Neil

From greg.clarke at waikato.ac.nz Tue Jul 13 02:53:40 2021
From: greg.clarke at waikato.ac.nz (Greg Clarke)
Date: Tue, 13 Jul 2021 13:53:40 +1200
Subject: [ZendTo] Number of files in a drop off.
References:
Message-ID:

Hi there

Is there a limit on the number of files that can be in a drop off?

I have a user claiming that there is a limit of 255 files.

And yes, I will be educating them in the wonders of zip archives.

Have a good day.

Greg

From Jules at Zend.To Tue Jul 13 15:35:05 2021
From: Jules at Zend.To (Jules)
Date: Tue, 13 Jul 2021 15:35:05 +0100
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References:
Message-ID: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To>

Greg,

Yes there is, the limit is 200 files per drop-off.
I didn't see why anyone would sensibly need more than that. Beyond that, they would be much better off using a zip file or similar archive; that's what they're for. Beyond 200 or so you would probably want a directory structure too, rather than simply a flat list of hundreds of files.

If you want to change the number, in the current version it's set in /opt/zendto/lib/NSSDropoff.php line 2467. It's the only occurrence of "200" in that file, apart from in the year in the comment at the top.

As you have the source, feel free to change it.

If many people want it changed, I could turn it into a preferences.php setting instead. But that seemed a little OTT. I could also just increase it, as it shouldn't have any security or other implications provided it doesn't get ridiculously huge.

Cheers,
Jules.

On 13/07/2021 02:53, Greg Clarke via ZendTo wrote:
> Hi there
>
> Is there a limit on the number of files that can be in a drop off?
>
> I have a user claiming that there is a limit of 255 files.
>
> And yes, I will be educating them in the wonders of zip archives.
>
> Have a good day.
>
> Greg

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'When I read Shakespeare I am struck with wonder
That such trivial people should muse and thunder
In such lovely language.' - D.H. Lawrence
www.Zend.To
Twitter: @JulesFM

From zend.to at neilzone.co.uk Tue Jul 13 15:58:20 2021
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Tue, 13 Jul 2021 15:58:20 +0100
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To>
Message-ID:

> On 13 Jul 2021, at 15:35, Jules via ZendTo wrote:
>
> the limit is 200 files per drop-off.
> I didn't see why anyone would sensibly need more than that

Out of curiosity - and I tend to agree - what is the message shown to the user if they attempt to do this?

Does it (or could it) gently suggest that they put the files into a zip file or other archive, and try again?

Neil

From Jules at Zend.To Tue Jul 13 16:01:58 2021
From: Jules at Zend.To (Jules)
Date: Tue, 13 Jul 2021 16:01:58 +0100
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To>
Message-ID: <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To>

Neil,

On 13/07/2021 15:58, zend.to at neilzone.co.uk wrote:
>> On 13 Jul 2021, at 15:35, Jules via ZendTo wrote:
>>
>> the limit is 200 files per drop-off.
>> I didn't see why anyone would sensibly need more than that
>
> Out of curiosity - and I tend to agree - what is the message shown to the user if they attempt to do this?

At the moment, I strongly suspect it just ignores them after the first 200 files. Sub-optimal :-/

> Does it (or could it) gently suggest that they put the files into a zip file or other archive, and try again?

Good idea. That'll just be some more JavaScript in the New Drop-off form.

Thanks!

Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'If I be the first of us to die,
Let grief not blacken long your sky.
Be bold yet modest in your grieving.
There is change but not a leaving.
For just as death is part of life,
The dead live on forever in the living.
For all the gathered riches of our journey,
The moments shared, the mysteries explored,
The steady layer of intimacy stored.
The things that made us laugh or weep or sing,
The joy of sunlit snow or first unfurling of the spring,
The wordless language of look and touch,
The knowing, each giving and each taking,
These are not flowers that fade,
Nor trees that fall and crumble.
Nor are they stone,
For even stone cannot the wind and rain withstand
And mighty mountain peaks in time reduce to sand.
What we were, we are.
What we had, we have.
A conjoined past imperishably present.
So when you walk the woods where once we walked together
And scan in vain the dappled bank beside you for my shadow,
Or pause where we always did upon the hill to gaze across the land,
And spotting something, reach by habit for my hand,
And finding none, feel sorrow start to steal upon you,
Be still.
Clear your eyes.
Breathe.
Listen for my footfall in your heart.
I am not gone but merely walk within you.'
- Nicholas Evans, an excerpt from The Smoke Jumper
www.Zend.To
Twitter: @JulesFM

From MDeerr at hshlawyers.com Tue Jul 13 16:08:09 2021
From: MDeerr at hshlawyers.com (Marlon Deerr)
Date: Tue, 13 Jul 2021 15:08:09 +0000
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local>
Message-ID:

Or better yet, why not (also) have some sort of message informing the user ahead of time of the limit. Why bother have them go through the process of adding 200 files just to find out later that they are capped at 200? Maybe some sort of message in and around that yellow highlighted area below?

[cid:image001.png at 01D777D7.5CA37850]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 44370 bytes
Desc: image001.png
URL:

From zend.to at neilzone.co.uk Tue Jul 13 16:11:42 2021
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Tue, 13 Jul 2021 16:11:42 +0100
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To: <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local>
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local>
Message-ID:

> On 13 Jul 2021, at 16:08, Marlon Deerr wrote:
>
> Or better yet, why not (also) have some sort of message informing the user ahead of time of the limit.

I like that.

There's already language relating to number of files in the text above the form (image attached), so perhaps this could draw on the number set by the administrator, and say something like "one or more files, up to a maximum of $limit_from_preferences, for anyone..."

But perhaps your suggestion of "Click to add up to $limit_from_preferences Files..." in the button text is more obvious to the user?

Neil

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2021-07-13 at 16.09.56.png
Type: image/png
Size: 55349 bytes
Desc: not available
URL:

From Jules at Zend.To Tue Jul 13 16:20:06 2021
From: Jules at Zend.To (Jules) Date: Tue, 13 Jul 2021 16:20:06 +0100 Subject: [ZendTo] Number of files in a drop off. In-Reply-To: References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local> Message-ID: I don't want to make the page appear any more complex than it is already, so I personally don't like the idea of putting extra text in or next to the "click to ..." button in the middle. And this is the first time this issue has ever been raised. I had to go and read my own code to discover what the limit was and how/where I had enforced it. Hardly *anyone* ever hits this, I think it's a very rare event. Adding a tiny bit to the text at the top would be okay, in my view. Though possibly something really short such as ??? ??? "...one or more files (maximum 200) for anyone..." Then I could probably fix all the language translations to a reasonable standard too, as I'm only trying to add 1 word. Any thoughts? Cheers, Jules. On 13/07/2021 16:11, zend.to at neilzone.co.uk wrote: > > >> On 13 Jul 2021, at 16:08, Marlon Deerr wrote: >> >> Or better yet, why not (also) have some sort of message informing the >> user ahead of time of the limit. > > I like that. > > There?s already language relating to number of files in the text above > the form (image attached), so perhaps this could draw on the number > set by the administrator, and say something like ?one or more files, > up to a maximum of $limit_from_preferences, for anyone?? > > ? > > But perhaps your suggestion of ?Click to add up to > $limit_from_preferences Files?? in the button text is more obvious to > the user? > > > Neil > > Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM The current UK shipping forecast: German Bight: Cyclonic becoming northerly or northeasterly, 2 to 4, occasionally 5 in southwest. Smooth or slight. Thundery showers, fog patches. Moderate or good, occasionally very poor. 
www.Zend.To
Twitter: @JulesFM

From MDeerr at hshlawyers.com Tue Jul 13 16:27:05 2021
From: MDeerr at hshlawyers.com (Marlon Deerr)
Date: Tue, 13 Jul 2021 15:27:05 +0000
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local>
Message-ID:

That small addition of "(maximum 200)" sounds good enough to me actually.
From zend.to at neilzone.co.uk Tue Jul 13 16:28:58 2021
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Tue, 13 Jul 2021 16:28:58 +0100
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local> <5760C467-361E-42C0-A268-C62E1A110CD7@neilzone.co.uk>
Message-ID:

> On 13 Jul 2021, at 16:20, Jules wrote:
>
> "...one or more files (maximum 200) for anyone..."

That seems sensible, given, as you say, how rare this must be!

Neil

From greg.clarke at waikato.ac.nz Tue Jul 13 23:53:02 2021
From: greg.clarke at waikato.ac.nz (Greg Clarke)
Date: Wed, 14 Jul 2021 10:53:02 +1200
Subject: [ZendTo] Number of files in a drop off.
In-Reply-To:
References: <352d3226-bdd9-1ca4-228d-d0dc61095831@Zend.To> <683660ff-d7ab-38e7-5348-3edad23a3067@Zend.To> <7e5bb2a4bbc24f9398c1d2ec1a454f7f@HSH-MAIL.HSH.local>
Message-ID:

Hi Jules

I have advised the user to use zip archives for large file sets. They have hit the limit twice in the last two days. In-house lawyer so I haven't asked specifics as to why. Lawyers in an academic environment is like poking a powder keg with a burning ember and I don't want the bang or the fallout.

The addition of "(maximum 200)" is a good solution.

Thanks and have a good day.

Greg

From manty at manty.net Thu Jul 15 13:27:55 2021
From: manty at manty.net (Santiago Garcia Mantinan)
Date: Thu, 15 Jul 2021 14:27:55 +0200
Subject: [ZendTo] Patch for better url construction
References:
Message-ID:

Hi!

While trying to use ZendTo both with an internal and external (through reverse proxy) URLs I was struggling a bit, then I realised that if I had serverRoot set to "" ZendTo would generate the url (maybe this can be used for multidomain support?), so I only had to set it like that and also set advertisedServerRoot to the right url (the external one that is going to be on the mails and all that).

I got to some problems there, as the URL was not being correctly generated, this patch fixes that, first taking into account the forwarded server and using it instead of the server name, and then fixing a bug that clears the url if it doesn't have a ? on it (at least that is what is happening to me on Debian 10 with php 7.3.29).

As always, comments are welcome.

Regards.

--- 6.11/opt/zendto/lib/NSSDropbox.php 2021-06-18 16:27:01.000000000 +0200 +++ /opt/zendto/lib/NSSDropbox.php 2021-07-13 13:05:18.880981984 +0200 @@ -58,10 +58,10 @@ } else { $port = ":$port"; } - $NSSDROPBOX_URL = "http".($https ? "s" : "")."://".@$_SERVER['SERVER_NAME'].$port.@$_SERVER['REQUEST_URI']; + $NSSDROPBOX_URL = "http".($https ? "s" : "")."://".(null !== @$_SERVER['HTTP_X_FORWARDED_SERVER'] ? @$_SERVER['HTTP_X_FORWARDED_SERVER'] : @$_SERVER['SERVER_NAME']).$port.@$_SERVER['REQUEST_URI']; // Delete anything after a ? (and the ? itself) // $NSSDROPBOX_URL = preg_replace('/\?.*$/', '', $NSSDROPBOX_URL); - $NSSDROPBOX_URL = substr($NSSDROPBOX_URL, 0, strpos($NSSDROPBOX_URL, '?')); + if (strpos($NSSDROPBOX_URL, '?')) {$NSSDROPBOX_URL = substr($NSSDROPBOX_URL, 0, strpos($NSSDROPBOX_URL, '?'));} // Should now end in blahblah.php or simply a directory / // if ( !preg_match('/\/$/',$NSSDROPBOX_URL) ) { if ( substr($NSSDROPBOX_URL, -1) !== '/' ) {

--
Manty/BestiaTester -> http://manty.net

From zend.to at neilzone.co.uk Thu Jul 15 15:58:27 2021
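Review bot: On the added line that builds $NSSDROPBOX_URL, $_SERVER['HTTP_X_FORWARDED_SERVER'] comes from a request header and is used as the host with no check that the request really arrived through the reverse proxy, so any client that can reach the server directly can choose the host that ends up in the generated URL. Suggest honouring the header only when the connection comes from a configured trusted proxy address, or checking its value against a list of permitted hostnames, and falling back to SERVER_NAME otherwise. The test "null !== @$_SERVER['HTTP_X_FORWARDED_SERVER']" also accepts an empty string, which would leave the URL with no host at all; a non-empty check would avoid that. $port is still appended after the forwarded name, so it is worth confirming that the port computed above the hunk is the externally visible one and not the backend's. On the second added line, "if (strpos($NSSDROPBOX_URL, '?'))" only works because the position can never be 0 in a URL that starts with "http"; comparing the result with "!== false" states the intent, and storing it in a variable avoids calling strpos twice.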
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Thu, 15 Jul 2021 15:58:27 +0100
Subject: [ZendTo] Patch for better url construction
In-Reply-To:
References: <89493C3A-041A-4301-903F-8C1E7B1F08EB@neilzone.co.uk>
Message-ID:

> On 15 Jul 2021, at 13:27, Santiago Garcia Mantinan via ZendTo wrote:
>
> maybe this can
> be used for multidomain support?

Interesting.

I'm not sure I follow the rationale for internal v external URLs (it's not my business!), but I do like the idea of one instance working accessible via multiple domains.

Neil

From zend.to at neilzone.co.uk Thu Jul 29 15:00:59 2021
From: zend.to at neilzone.co.uk (zend.to at neilzone.co.uk)
Date: Thu, 29 Jul 2021 15:00:59 +0100
Subject: [ZendTo] Cron error: illegal attempt to update using time'
References: <20210729000101.2C2F75D74B@localhost> <9B1B29F6-581E-46D8-AA6E-C48BA74C0937@neilzone.co.uk>
Message-ID:

I've recently started to receive the message below, on a daily basis, from cron:

/usr/bin/php /opt/zendto/sbin/rrdInit.php /opt/zendto/config/preferences.php 2>&1 | /bin/grep -iv 'illegal attempt to update using time'

Fatal error: Uncaught Error: Call to undefined function bind_textdomain_codeset() in /opt/zendto/lib/NSSDropbox.php:153
Stack trace:
#0 /opt/zendto/lib/NSSDropoff.php(26): require_once()
#1 /opt/zendto/sbin/rrdInit.php(33): include_once('/opt/zendto/lib...')
#2 {main}
  thrown in /opt/zendto/lib/NSSDropbox.php on line 153

I've not dug into it yet, but has anyone else had the same?

Neil