[ZendTo] BUG REPORT [was: Max subject length problem in dropoff requests]

Tue Jan 28 00:05:28 GMT 2025

Liam, thank you for documenting this. A customer just reported an odd 
failure to me me, and I traced it down to this incorrect handling of 
maximum subject-length.

In our case, (6.13-3) we were not seeing the 500 failure, but were 
falling through to the friendlier (less informative) 'Request Error'

I've just examined the published source for 6.15-6 and see only one 
difference in lib/Req.php (at line 269), so this maximum subject-length 
behavior is unchanged.

--
Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska

On 5/23/2024 6:12 AM, Gretton, Liam via ZendTo wrote:
>
> Hi,
>
> When creating a dropoff request, if the subject is greater than 
> $maxSubjectLength characters in length, ZendTo will crash with a 500 
> server error, and the following report:
>
> [23-May-2024 13:35:46 UTC] PHP Warning:  Undefined variable $d in 
> /local/www/ZendTo-6.13-3/lib/Req.php on line 343
>
> [23-May-2024 13:35:46 UTC] PHP Warning:  Undefined variable $d in 
> /local/www/ZendTo-6.13-3/lib/Req.php on line 343
>
> [23-May-2024 13:35:46 UTC] PHP Fatal error:  Uncaught ValueError: 
> Unknown format specifier " " in /local/www/ZendTo-6.13-3/lib/Req.php:343
>
> Stack trace:
>
> #0 /local/www/ZendTo-6.13-3/lib/Req.php(343): sprintf('Your subject 
> li...', 145, 100)
>
> #1 /local/www/ZendTo-6.13-3/lib/Req.php(85): 
> Req->initWithFormData('me at example.com')
>
> #2 /local/www/ZendTo-6.13-3/www/req.php(370): 
> Req->__construct(Object(NSSDropbox), 'me at example.com')
>
> #3 {main}
>
>   thrown in /local/www/ZendTo-6.13-3/lib/Req.php on line 343
>
> The culprit is line 343 of Req.php:
>
> if ($subjectlength>$maxlen) {
>
>   return sprintf(gettext("Your subject line to the recipients is %1$d 
> characters long. It must be less than %2$d."), $subjectlength, 
> $maxlen).' '.$BACKBUTTON;
>
> }
>
> Firstly it seems that the double-quotes around the string causes the 
> printf format specifiers to fail. Change those to single quotes and 
> the problem changes. The page no longer causes a 500 error but reports 
> a friendlier ‘Request Error’ without actually explaining what the 
> problem is. The ‘Your subject line to the recipients … is too long’ 
> message is not included.
>
> Removing the check altogether allows the request to complete, so it 
> doesn’t appear that the max character subject limit is necessarily a 
> problem. I’ve only been testing with a max length of about 100 
> characters though.
>
> Not a show stopper, I’ve just bumped up the value of $maxSubjectLength 
> in preferences.php from 100 to 200 in our case.
>
> My installation is running ZendTO 6.13-3 on CentOS 7 with our own 
> build of PHP 8.2.
>
> Regards,
>
> Liam
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20250127/4d7e8353/attachment-0001.html>