Roman Klein
@twiro

That's my NGINX-directive for the last line:

location ~ (^|/)\. { return 403; }

That's the Let's Encrypt request that gets blocked:

http://domain.com/.well-known/acme-challenge/8ijNOjUvNUY22VbYPZbfDH3…

I understand that this comes from the url path starting with a "." right after the domain but in order to modify my NGINX-rules in the best possible way I'd really like to understand what the original htaccess rule is trying to protect…

michael-e
@michael-e
IMHO the rule matches ALL "dot files", i.e. filenames starting with a dot. At the time when the rule was created it was no bad idea to match them all. Nowadays things are indeed different.
Alexander Rutz
@animaux
»At the time when the rule was created« sounds like a line from some dystopic novel.
Nicolas Brassard
@nitriques
@twiro I still feel that the rule is good. But I always add this directive before Sym's one:
## Allow .well-known folder
RewriteRule ^\.well-known - [S=250,L]
michael-e
@michael-e
Nice!
michael-e
@michael-e
www.getsymphony.com is broken again. We might seriously consider replacing it.
Alexander Rutz
@animaux
@michael-e If only someone had the time and resources …
cylkee
@cylkee
@nitriques @twiro Is S=250 redundant here because of L? https://httpd.apache.org/docs/current/rewrite/flags.html
Nimantha Harshana Perera
@nimanthaharshana

Hi All,

We have a site which is selling magazines and we have used the "Storage" extension to keep the cart items until customers do the checkout. There're two payment methods available for the customer to choose.

1) Stripe
2) PayPal

Everything was working fine until last week, but we had to change the Stripe payments code as they are enforcing SCA in their new API. We have changed the Stripe payments code now and it has been tested fairly to assure that nothing breaks the transaction.

However, once we released the changes to the live site we had a few complaints that some customers were unable to perform the transaction. So we looked into our log files and found that the transaction is failing due to the reason that some required information is missing. In each case we noticed that Storage data has gone empty before they complete the payment. Then we had a look at the server log files and found that there's a fatal error related to MySQL. The error is as follows.

PHP Fatal error: Uncaught DatabaseException: MySQL Error (1366): Incorrect string value: '\xF0\x9F\x99\x82";...' for column 'session_data' at row 1 in query: INSERT INTO sym_sessions (session, session_expires, session_data) VALUES ................

This seems to be caused by the Storage extension and we have no idea why this is happening (This has not happened very frequently). I'm not sure you guys are aware of this; if so, can someone please advise what we can do to avoid this error.

Thanks in advance

michael-e
@michael-e
The "incorrect string value" looks like a 4-byte character. Symphony uses MySQL's "utf8" character set all over, which — despite its name — does not cover 4-byte utf8 characters. There have been discussions on GitHub about this.
Nimantha Harshana Perera
@nimanthaharshana
Thanks @michael-e . Can you please tell me what I can do to avoid this issue ? :-)
michael-e
@michael-e
It is rather complicated to change the database and Symphony to work with 4-byte characters (which are newer Emojis, most of the time) correctly. So what I did was to remove them before saving to the DB. What you need is a regex like $str = preg_replace('/[\xF0-\xF4].../s', '', $str); (see http://stackoverflow.com/a/16902461).
Nimantha Harshana Perera
@nimanthaharshana
Thanks @michael-e ! :-) I'll take a look and let you know the progress on resolving this. :-)
michael-e
@michael-e
You're welcome! Let us know!
Nimantha Harshana Perera
@nimanthaharshana
Sure @michael-e ! :-) Thanks a lot !!
Nimantha Harshana Perera
@nimanthaharshana

Hi @michael-e

We were going through the issue as per your advice and found that it might not be the case. Let me first explain the workflow of the system.

1) Customer adds items to the cart (Information will be saved using the Storage extension) then the customer goes to step 2 which is another page
2) Then we suggest some other products to the customer on this page. If they like, they can add more and go to step 3 (Information will be saved using the Storage extension)
3) We collect their personal (Billing) information (Information will be saved using the Storage extension)
4) We collect delivery details (Information will be saved using the Storage extension)
5) Checkout using Stripe or PayPal

In this last step, when the customer fills in the checkout details, it will first create the customer member account getting the data from Storage. What we have observed is that, when trying to create the member account, the storage has gone empty (We have a log file that keeps the transaction info) sometimes (This happens rarely), causing further execution to fail (causing the Stripe payment to fail). This issue has occurred since we changed Stripe to become SCA compliant and at the same time we have updated the Symphony core to the latest (2.7.10).

So this is either our Stripe SCA code change or Symphony core or the Storage extension. We actually can't see why this is happening Michael. The only thing that we know is that Storage has gone empty in the last step before creating the member.

We would really appreciate it if you can help us with your expertise on this matter Michael, as we're in a great deal of trouble as site visitors are complaining from time to time that they cannot perform the transaction.

Many thanks in advance.

Nicolas Brassard
@nitriques
@michael-e yeah, we will replace it. But I would like to have a complete html export before ;) cc @animaux
@cylkee yes it is redundant. But I experienced Apaches where the L flag was not honored always, hence this fix
michael-e
@michael-e
@nimanthaharshana: Your database error happens around a four-byte utf8 sequence (clearly indicated by the first byte \xF0), so I strongly assume that this sequence causes the issue. Symphony cannot save 4-byte utf8 sequences to the MySQL database. Instead the original string will get truncated (which will result in an invalid session, probably). Debugging this will require logging the relevant data. So you must "hack" the extension and/or the core — the goal is to find/see data that do not work!
Nimantha Harshana Perera
@nimanthaharshana
@michael-e Thanks Michael... However when this issue happened today I can't see any errors in the Apache log file. Do you still think this might be the case ?
michael-e
@michael-e
Yes. It is not an error in Apache. I suggest a simple test: Try and save the string start🔴end to an input field of your Symphony installation. You will only have start in the database. No Apache errors, but maybe a MySQL error.
I am AFK for half an hour or so.
Nimantha Harshana Perera
@nimanthaharshana
Thanks Michael !!. I don't know how to thank you for your support even with your busy schedule. Thank you very much !!!
michael-e
@michael-e
@nimanthaharshana Any news?
pavelradvan
@pavelradvan
Hi, I have quite a strange question. Is it possible to use Symphony to create a service management system...?? Like some web support system, like a helpdesk for service support of customers?
Wannes Debusschere
@wdebusschere
Sure it is
Roman Klein
@twiro

@twiro I still feel that the rule is good. But I always add this directive before Sym's one:

Interesting. I never had this problem with apache environments and the default htaccess-settings… so I'll try to keep that rule in my nginx-directives and also add an exception for the ".well-known"-folder before it. Thanks!

By the way – anybody got a good example of NGINX-directives for Symphony that contain all the security-rules that the default htaccess contains?
I found some infos and examples, but they all miss that aspect…
Roman Klein
@twiro
I'd also be interested in examples of NGINX-directives that replace the multilingual-url-rules that are injected into the htaccess by multilingual extensions – if anybody has set up multilingual Symphony projects on NGINX before…
Roman Klein
@twiro

@michael-e yeah, we will replace it. But I would like to have a complete html export before ;) cc @animaux

Oh. But if it gets replaced, I hope we can keep a static version that is still accessible and fully searchable with Google – this website, as old(fashioned) and partly no more up to date it may be, is still the single best and most important source of information for my work with Symphony. Losing all this structured and well searchable information without a proper replacement would feel like the final nail in the coffin of the once prospering Symphony ecosystem (Yes, I'm still not over it that this chat killed the beloved forum…)

Alexander Rutz
@animaux
@twiro @nitriques I’m sucking a static version of the site in this very moment ;)
Roman Klein
@twiro
And the topic "Symphony CMS & NGINX" is a good example for the depth of information the good old Symphony website offers – I haven't had to deal with this until this year, but Rowan's article from 2010 is still by far the best resource on this I could find: https://www.getsymphony.com/learn/articles/view/combining-symphony-with-nginx/
michael-e
@michael-e
We have to look at the whole picture. The website looks outdated, and it doesn't work reliably anymore. This aspect is also sort of "damaging the ecosystem" — think of newcomers! Is our website still sexy?
Roman Klein
@twiro
I seriously doubt that newcomers that are looking for something "sexy" in tech these days will consider working with Symphony anyways, so I don't see that as a strong argument for a step that might lead to losing information that is important for developers who are actually working with Symphony on a daily basis now.
Replacing the current website with something "sexy", that lacks the depth of information that the current website has, wouldn't make any sense in my eyes as long as the other parts of the Symphony ecosystem wouldn't keep up with that promised "sexyness" – just think of the default ensemble, which I see as a much bigger turn-off for newcomers in terms of "sexyness".
michael-e
@michael-e
I don't oppose a static archive of the current website, for developers like you and me. But for all others something more sexy wouldn't be bad… Regarding the default ensemble: Oh yes, it's also outdated, to say the least!
Alexander Rutz
@animaux
Actually it shouldn’t be hard to import the whole forum in a modern site.
michael-e
@michael-e
Running your own forum might be outdated as well; has not StackOverflow taken this place?
Alexander Rutz
@animaux
No, gitter ;D
Though StackOverflow would be much preferable in terms of actually FINDING stuff again.
Alexander Rutz
@animaux
A lot more important than a sexy website would be documentation. A lot of stuff only works well if one knows things that are not very prominently documented, or not at all …
cylkee
@cylkee
@michael-e @twiro @animaux @nitriques Perhaps we could apply for a space on StackExchange e.g. https://magento.stackexchange.com/. It can be done here?
Heck, maybe we could even import old forum topics :D
In fact, I think we will need to import some forum topics to get approval https://area51.stackexchange.com/faq but that's no bad thing
michael-e
@michael-e
Nice to have, maybe!
Alexander Rutz
@animaux
Hmm. Sitesucker stalls.
Nicolas Brassard
@nitriques
Yeah it is too big for most tools ! ;)
I have a new baby coming home in the next weeks, I may have spare time holding the baby and hacking at the time
Wannes Debusschere
@wdebusschere
@nitriques congratulations!! Or do you mean 3.0?
Nicolas Brassard
@nitriques
@wdebusschere Thanks! And well... both !