bug
avatar chmst
chmst
15 Jan 2025

Steps to reproduce the issue

The statistics Plugin throws this messag at first login to the backend of different sites.
It affects sites where the user accepted to send statistic data after installation.
Not sure when I noticed this at the first time, maybe since J4.2? I had this on localhost under xampp and thought that it is caused by a misconfiguration of my environment.

But now i see it reported from different users and also on own sites which are in a subdomain.

Expected result

No error message

Actual result

RuntimeException: Could not send site statistics to remote server: Invalid data submission.

System information (as much as possible)

PHP 8.2 or higher
online on subdomains and on localhost under xampp (win11)

Additional comments

In my application it affects only sites which are transferred via akeeba backup, no clue if this is relevant.

avatar chmst chmst - open - 15 Jan 2025
avatar joomla-cms-bot joomla-cms-bot - change - 15 Jan 2025
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 15 Jan 2025
avatar chmst chmst - change - 15 Jan 2025
Labels Added: bug
Removed: No Code Attached Yet
avatar chmst chmst - unlabeled - 15 Jan 2025
avatar chmst chmst - labeled - 15 Jan 2025
avatar brianteeman
brianteeman - comment - 15 Jan 2025

is the value of $secret unique across the sites?

avatar richard67 richard67 - change - 15 Jan 2025
Labels Added: Information Required
avatar richard67 richard67 - labeled - 15 Jan 2025
avatar alikon
alikon - comment - 16 Jan 2025

got the same

Image

with a request like this

Image

in my case the problem arise from https://github.com/joomla/statistics-server
i suspect don't validate the input in some circumstances

https://github.com/joomla/statistics-server/blob/4e8bcaa164b5002683ed131fcc137be7f9950dcf/src/Controllers/SubmitDataController.php#L100-L138

    // Validate the submitted data
    $data['php_version'] = $this->checkPHPVersion($data['php_version']);
    $data['cms_version'] = $this->checkCMSVersion($data['cms_version']);
    $data['db_type']     = $this->checkDatabaseType($data['db_type']);
    $data['db_version']  = $this->validateVersionNumber($data['db_version']);


    // We require at a minimum a unique ID and the CMS version
    if (empty($data['unique_id']) || (empty($data['cms_version']) && $data['cms_version'] !== false)) {
        $this->getApplication()->getLogger()->info(
            'Missing required data from request.',
            ['postData' => $originalData]
        );


        /** @var JsonResponse $response */
        $response = $this->getApplication()->getResponse();
        $response = $response->withPayload(
            [
                'error'   => true,
                'message' => 'There was an error storing the data.',
            ]
        );
        $response = $response->withStatus(500);


        $this->getApplication()->setResponse($response);


        return true;
    }


    // If the below data does not pass tests, we do not accept the POST
    if ($data['php_version'] === false || $data['cms_version'] === false || $data['db_type'] === false || $data['db_version'] === false) {
        /** @var JsonResponse $response */
        $response = $this->getApplication()->getResponse();
        $response = $response->withPayload(
            [
                'error'   => true,
                'message' => 'Invalid data submission.',
            ]
        );
        $response = $response->withStatus(500);
avatar chmst
chmst - comment - 16 Jan 2025

is the value of $secret unique across the sites?

Indeed, good idea. I changed the secret Key in one of the sites before first login and the message did not appear.

avatar chmst chmst - change - 16 Jan 2025
The description was changed
avatar chmst chmst - edited - 16 Jan 2025
avatar chmst chmst - change - 16 Jan 2025
Labels Removed: Information Required
avatar chmst chmst - unlabeled - 16 Jan 2025

Add a Comment

Login with GitHub to post a comment