direct_mail icon indicating copy to clipboard operation
direct_mail copied to clipboard

Published 20 hours ago verified publisher icon kartolo

Value for rid in sys_dmail_maillog to long

Open jacques2017 opened this issue 2 years ago • 6 comments

I send mails with statistik activated. Sometimes I find this entry in de TYPO3-Log file:

Uncaught TYPO3 Exception: An exception occurred while executing 'INSERT INTO sys_dmail_maillog (mid, tstamp, url, response_type, url_id, rtbl, rid) VALUES (?, ?, ?, ?, ?, ?, ?)' with params [814, 1661181258, "https://[MYURL]/typo3conf/ext/direct_mail/Resources/Public/Icons/dmailerping.gif", -1, 0, "", 738000000000000000]: Data too long for column 'rid' at row 1

How can I avoid this problem? TYPO3-Version 10.4.28 Direct Mail 7.0.1

jacques2017 avatar Aug 22 '22 17:08 jacques2017

For version 7.0 sql definition for table sys_dmail_maillog and field rid is varchar(11). Your error message says, it will insert integer value of 738000000000000000 into this field, which is to long.

I would not recommend to increase the table field, for longer values. You shoud better find out, why your rid is such an hudge long value, and reduce/reset it to smaller ones.

jokumer avatar Aug 22 '22 17:08 jokumer

You shoud better find out, why your rid is such an hudge long value, and reduce/reset it to smaller ones.

I tried to find out, why this value is so long, but I didn't find it. How can I reduce/reset this value?

jacques2017 avatar Aug 23 '22 06:08 jacques2017

rid is UID of the recipient (tt_address or fe_users). I guess someone (bots) just tried to call dmailerping URL and tried XSS or SQL injection through the GET parameter.

kartolo avatar Sep 27 '22 14:09 kartolo

rid is UID of the recipient (tt_address or fe_users). I guess someone (bots) just tried to call dmailerping URL and tried XSS or SQL injection through the GET parameter.

The problem is in "JumpurlController.php". If $jumpurl is a string, in row 109 the else statement is executed and $recipientUid is set to the value of $submittedAuthCode. If $submittedAuthCode is e.g. "4e59c93a", instruction "(int)($recipientUid ?? $this->recipientRecord['uid'])" in row 129 returns the integer "9223372036854775807" which is too long for the field "rid".

bernd-reindl avatar Sep 29 '22 08:09 bernd-reindl

rid is UID of the recipient (tt_address or fe_users). I guess someone (bots) just tried to call dmailerping URL and tried XSS or SQL injection through the GET parameter.

The problem is in "JumpurlController.php". If $jumpurl is a string, in row 109 the else statement is executed and $recipientUid is set to the value of $submittedAuthCode. If $submittedAuthCode is e.g. "4e59c93a", instruction "(int)($recipientUid ?? $this->recipientRecord['uid'])" in row 129 returns the integer "9223372036854775807" which is too long for the field "rid".

Thanks. I use jumpurl. As a workaround I increased the table field. It's not the solution, but it works.

jacques2017 avatar Sep 29 '22 09:09 jacques2017

With this (merged) change, the authCode is no longer casted as int and the 'rid' field is now varchar(40) instead of varchar(11): https://github.com/kartolo/direct_mail/pull/380

We had no log entries with the message "Data too long for column 'rid' […]", but I believe this commit solves this problem as well.

imminger avatar Feb 20 '23 17:02 imminger