Bug #23291 New

Member Import Utility Crashes When Importing XML File with Long Filename into avatar_filename Tag

Version: 3.5.12 Reporter: riko

Click on Developer -> Utilities

Click on Member Import

XML file location set to: system/test.xml Member group set to Members

Click Import Members

Click Confirm Import

Error message displays:

Exception Caught

SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'avatar_filename' at row 1:
REPLACE INTO `exp_members` (`group_id`, `username`, `screen_name`, `password`, `email`, `avatar_filename`, `ip_address`, `join_date`, `language`, `timezone`, `time_format`, `date_format`, `include_seconds`, `unique_id`) VALUES ('5', 'brettb', 'Brett Bretterson', '653132ffd94b986bf2bb806b3c67d190', 'brett@example.com', 'cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg', '0.0.0.0', 1511280362, 'english', 'America/Chicago', '12', '%n/%j/%Y', 'n', '65658c10d0b572f0b6cf1919e274f19b68f38dd7')

ee/legacy/database/drivers/mysqli/mysqli_connection.php:122

The avatar_filename field in the members table is 120 characters long. XML Import will try to place a 243 character filename into the field and crash. Incidentally, the long image filename came from a live WordPress system.

The same thing happens when I tested with the photo_filename tag.

I suspect all the filename tags don’t have sufficient bounds checking.

Contents of test.xml:

This is the same as the User Guide example except avatar_filename tag has been added.

<members>
        <member>
                <username>brettb</username>
                <screen_name>Brett Bretterson</screen_name>
                653132ffd94b986bf2bb806b3c67d190</password>
                <email>brett@example.com</email>
                <a>cropped-1434733285_O5p26jeoH96ny-LuIqDnzETxypi1Ku2aLg44AFZ77WLteA8xhwyS7fsEjmaI_Ilwe68IvQuKkm8JdGhIl70MbX4PPsuh4bk4Xrw-R1YQ-l1xbOxjPBJvaEvFPbR8qvwQbDMXV00EV8UrbSVqmwYFyNL8nVA2T1JVOZsGKWOBRf_Oahju_AHKWMq1P_W8EIT-E4FGlK4_R_s5CKVWH3z_fLf5VtTg.jpg</avatar_filename>
        </member>
</members>
  • Nobody has said anything yet.

You must be signed in to comment on a bug report.

ExpressionEngine News

#eecms, #events, #releases