zip_install icon indicating copy to clipboard operation
zip_install copied to clipboard
verified publisher icon FriendsOfREDAXO

Fix ValueError: finfo_file() Argument #2 must not be empty

Open Copilot opened this issue 5 months ago • 1 comments

Problem

The addon was throwing a ValueError when finfo_file() was called with an empty filename parameter:

ValueError: finfo_file(): Argument #2 ($filename) must not be empty
File: redaxo/src/addons/zip_install/lib/zip_install.php
Line: 401

This error occurred in PHP 8.1+ when file uploads failed but the $_FILES array was still populated. In such cases, $uploadedFile['tmp_name'] could be empty, causing finfo_file() to throw a ValueError when attempting to validate the MIME type.

Solution

Added proper validation checks before calling finfo_file() in the handleFileUploadWithResult() method:

  1. Upload Error Validation: Check $uploadedFile['error'] to catch PHP upload errors (file size exceeded, incomplete uploads, etc.)
  2. Empty Path Validation: Ensure $uploadedFile['tmp_name'] is not empty before using it
  3. Security Validation: Use is_uploaded_file() to verify the file was legitimately uploaded via HTTP POST

These checks ensure that MIME type validation is only performed on valid uploaded files, preventing the ValueError and providing better error messages to users.

Changes

  • Modified /lib/zip_install.php in the handleFileUploadWithResult() method
  • Added 16 lines of validation code before file processing
  • Returns appropriate error messages when validation fails

Benefits

  • ✅ Fixes the ValueError crash
  • ✅ Improves error handling for failed uploads
  • ✅ Enhances security by validating uploads more thoroughly
  • ✅ Provides better user feedback for upload failures
  • ✅ Maintains backward compatibility

Testing

  • PHP syntax validation passed
  • Manual validation tests confirmed proper handling of:
    • Empty temporary file paths
    • Upload errors (UPLOAD_ERR_*)
    • Valid uploads
Original prompt

This section details on the original issue you should resolve

<issue_title>ValueError: finfo_file(): Argument #2 ($filename) must not be empty</issue_title> <issue_description>ValueError: finfo_file(): Argument FriendsOfREDAXO/zip_install#2 ($filename) must not be empty File: redaxo/src/addons/zip_install/lib/zip_install.php Line: 401

Stacktrace
Function File Line
finfo_file redaxo/src/addons/zip_install/lib/zip_install.php 401
FriendsOfRedaxo\ZipInstall\ZipInstall->handleFileUploadWithResult redaxo/src/addons/zip_install/pages/install.packages.zip_install.php 27
require redaxo/src/core/lib/packages/package.php 233
rex_package->includeFile redaxo/src/core/lib/be/controller.php 516
rex_be_controller::{closure:rex_be_controller::includePath():498} redaxo/src/core/lib/util/timer.php 62
rex_timer::measure redaxo/src/core/lib/be/controller.php 498
rex_be_controller::includePath redaxo/src/core/lib/be/controller.php 464
rex_be_controller::includeCurrentPageSubPath redaxo/src/addons/install/pages/index.php 18
require redaxo/src/core/lib/packages/package.php 233
rex_package->includeFile redaxo/src/core/lib/be/controller.php 516
rex_be_controller::{closure:rex_be_controller::includePath():498} redaxo/src/core/lib/util/timer.php 62
rex_timer::measure redaxo/src/core/lib/be/controller.php 498
rex_be_controller::includePath redaxo/src/core/lib/be/controller.php 438
rex_be_controller::includeCurrentPage redaxo/src/core/backend.php 279
require redaxo/src/core/boot.php 136
require redaxo/index.php 9
System report (REDAXO 5.20.0, PHP 8.4.13, MySQL 5.7.44)
REDAXO
Version 5.20.0
PHP
Version 8.4.13
OPcache yes
Xdebug no
Database
Version MySQL 5.7.44
Character set utf8
Warning Die verwendete MySQL-Version 5.7.44 wird nicht mehr vom Hersteller gepflegt und sollte aktualisiert werden.
Server
OS Linux
SAPI cgi-fcgi
Webserver Apache
Request
Browser Chrome/141.0.0.0
Protocol HTTP/2.0
HTTPS yes
Packages
accessdenied 3.0.0
adminer 3.5.0
api_docs 1.1.0
auto_delete 2.0.1
backup 2.9.3
be_style 3.7.0
be_style/customizer 3.5.0
be_style/redaxo 3.7.0
bloecks 5.2.5
ckeditor 4.20.2
cronjob 2.11.1
developer 3.9.3
install 2.13.1
maintenance 3.4.0 ...

Fixes FriendsOfREDAXO/zip_install#53

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot avatar Oct 18 '25 15:10 Copilot

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Oct 18 '25 15:10 coderabbitai[bot]