Version: 4.3.1 Reporter: riko —
[mod note- bug was originally reported in v3, but confirmed in v4]
Click on Developer -> Utilities
Click on Member Import
XML file location set to: system/test.xml Member group set to Members
Click Import Members
Click Confirm Import
Error message displays:
Exception Caught
SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'avatar_filename' at row 1:
REPLACE INTO `exp_members` (`group_id`, `username`, `screen_name`, `password`, `email`, `avatar_filename`, `ip_address`, `join_date`, `language`, `timezone`, `time_format`, `date_format`, `include_seconds`, `unique_id`) VALUES ('5', 'brettb', 'Brett Bretterson', '653132ffd94b986bf2bb806b3c67d190', 'brett@example.com', 'cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg', '0.0.0.0', 1511280362, 'english', 'America/Chicago', '12', '%n/%j/%Y', 'n', '65658c10d0b572f0b6cf1919e274f19b68f38dd7')
ee/legacy/database/drivers/mysqli/mysqli_connection.php:122
The avatar_filename field in the members table is 120 characters long. XML Import will try to place a 243 character filename into the field and crash. Incidentally, the long image filename came from a live WordPress system.
The same thing happens when I tested with the photo_filename tag.
I suspect all the filename tags don’t have sufficient bounds checking.
Contents of test.xml:
This is the same as the User Guide example except avatar_filename tag has been added.
<members>
<member>
<username>brettb</username>
<screen_name>Brett Bretterson</screen_name>
653132ffd94b986bf2bb806b3c67d190</password>
<email>brett@example.com</email>
<avatar_filename>cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg</avatar_filename>
</member>
</members>
ExpressionEngine implements Markdown Extra and BBCode. Please see the Markdown Extra docs and the BBCode Wikipedia article for a full reference.
**bold**
, __bold__
, *italics*
, _italics_
, ~strike/del~
, `code()`
bold, italics, strike/del, code()
Link: [link title](https://example.com)
Image: ![alt text](https://example.com/image.jpg)
[blockquote]...[/blockquote]
, [quote]...[/quote]
, and Markdown style:
> Some quoted text. > > This is all one quote.
[code]...[/code]
, and you can also specify the language for syntax highlighting, [code=php]...[/code]
GitHub flavored Markdown code fences are also supported:
``` public function decoderRing($str) { return str_rot13($str); } ```