We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree

Bug #23291 Bug Fixed

Member Import Utility Crashes When Importing XML File with Long Filename into avatar_filename Tag

Version: 4.3.1 Reporter: riko

[mod note- bug was originally reported in v3, but confirmed in v4]

Click on Developer -> Utilities

Click on Member Import

XML file location set to: system/test.xml Member group set to Members

Click Import Members

Click Confirm Import

Error message displays:

Exception Caught

SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'avatar_filename' at row 1:
REPLACE INTO `exp_members` (`group_id`, `username`, `screen_name`, `password`, `email`, `avatar_filename`, `ip_address`, `join_date`, `language`, `timezone`, `time_format`, `date_format`, `include_seconds`, `unique_id`) VALUES ('5', 'brettb', 'Brett Bretterson', '653132ffd94b986bf2bb806b3c67d190', 'brett@example.com', 'cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg', '0.0.0.0', 1511280362, 'english', 'America/Chicago', '12', '%n/%j/%Y', 'n', '65658c10d0b572f0b6cf1919e274f19b68f38dd7')

ee/legacy/database/drivers/mysqli/mysqli_connection.php:122

The avatar_filename field in the members table is 120 characters long. XML Import will try to place a 243 character filename into the field and crash. Incidentally, the long image filename came from a live WordPress system.

The same thing happens when I tested with the photo_filename tag.

I suspect all the filename tags don’t have sufficient bounds checking.

Contents of test.xml:

This is the same as the User Guide example except avatar_filename tag has been added.

<members>
        <member>
                <username>brettb</username>
                <screen_name>Brett Bretterson</screen_name>
                653132ffd94b986bf2bb806b3c67d190</password>
                <email>brett@example.com</email>
                <avatar_filename>cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg</avatar_filename>
        </member>
</members>
Report Bug

Sort Bugs

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Formatting Cheatsheet

ExpressionEngine implements Markdown Extra and BBCode. Please see the Markdown Extra docs and the BBCode Wikipedia article for a full reference.

Inline styles

**bold**, __bold__, *italics*, _italics_, ~strike/del~, `code()`
bold, italics, strike/del, code()

Links and Images

Link: [link title](https://example.com)

Image: ![alt text](https://example.com/image.jpg)

Quoting

[blockquote]...[/blockquote], [quote]...[/quote], and Markdown style:

> Some quoted text.
>
> This is all one quote.

Code Samples

[code]...[/code], and you can also specify the language for syntax highlighting, [code=php]...[/code]

GitHub flavored Markdown code fences are also supported:

```
public function decoderRing($str)
{
	return str_rot13($str);
}
```

Username

Password

Forgot password?
or Register