SimpleMachines / SMF

Simple Machines Forum — SMF in short — is free and open-source community forum software, delivering professional grade features in a package that allows you to set up your own online community within minutes!
https://www.simplemachines.org/

[2.1.x] Could not retrieve the file current-version.js #7742

Open isaak654 opened 1 year ago

isaak654 commented 1 year ago

Description

I was able to reproduce this in a clean SMF 2.1.3 installation with Altervista. Note: AVforum2 is a dummy reference.

Steps to reproduce

  1. Create a new Altervista site for free from https://en.altervista.org/create-free-site.php ("Hosting with file manager" plan)
  2. Clean installation of SMF 2.1.3 (no mods)
  2b. After installing it, I noticed these error messages in the log area:

    Error message
    Could not retrieve the file https://www.simplemachines.org/smf/current-version.js?version=SMF+2.1.3.
    URL of page causing the error
    http://AVforum2.altervista.org/index.php?step=5
    Backtrace information
    
    #0: scheduled_fetchSMfiles()
    Called from /membri/AVforum2/install.php on line 1837
    #1: DeleteInstall()
    Called from /membri/AVforum2/install.php on line 164
    Error message
    Could not retrieve the file https://www.simplemachines.org/smf/current-version.js?version=SMF+2.1.3.
    URL of page causing the error
    http://AVforum2.altervista.org/index.php?scheduled=task;ts=1683030420
    Backtrace information
    
    #0: scheduled_fetchSMfiles()
    Called from /membri/AVforum2/Sources/ScheduledTasks.php on line 116
    #1: AutoTask()
    Called from /membri/AVforum2/index.php on line 167
  3. Go to Admin -> Maintenance -> Scheduled Tasks -> Scheduled Tasks
  4. Tick the checkbox "Fetch Simple Machines files" in the Run Now column
  5. Press the Run Now button
  6. A red warning will be displayed:
    All selected tasks were completed but some had errors:
    Fetch Simple Machines files
        Could not retrieve the file https://www.simplemachines.org/smf/current-version.js?version=SMF+2.1.3.
  7. You should also be able to see the related error log(s):

    Error message
    Could not retrieve the file https://www.simplemachines.org/smf/current-version.js?version=SMF+2.1.3.
    URL of page causing the error
    http://AVforum2.altervista.org/index.php?action=admin;area=scheduledtasks
    Backtrace information
    
    #0: scheduled_fetchSMfiles()
    Called from /membri/AVforum2/Sources/ManageScheduledTasks.php on line 184
    #1: ScheduledTasks()
    Called from /membri/AVforum2/Sources/Subs.php on line 6016
    #2: call_helper()
    Called from /membri/AVforum2/Sources/ManageScheduledTasks.php on line 70
    #3: ManageScheduledTasks()
    Called from /membri/AVforum2/Sources/Admin.php on line 499
    #4: AdminMain()
    Called from /membri/AVforum2/index.php on line 191

Environment (complete as necessary)

Additional information/references

jdarwood007 commented 1 year ago

They seem to indicate that CloudFlare does not support the proper Host header in the calls. If CF does not respect this, they are breaking the RFC standard indicated here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23. I doubt CF is breaking a very critical RFC. I've tested both fsocket and curl implementations and both work on my systems. Which seems to prove this point false. The RFC says the port number is valid as we have specified in the system. The only default is that without the port specified, it defaults to the default port, which is 80. Our systems still respond on port 80 for services like the SMF files as to not break installations that have not updated.

Altervista indicates they are using a customized version of PHP

“Optimized for Altervista” PHP 7.3, a release of php checked by the Altervista team and stitched around the platform, with big improvements in terms of performances and security

I am going to say their "customized" version of PHP is causing this issue. I don't know if 8.0 that they have is customized as well. It may also be that they are not handling the HTTPS implementation correctly.

isaak654 commented 1 year ago

Interesting points, but it would be even more interesting to understand why version 2.0.19 is not affected. Is there anything special introduced in 2.1.x that could explain this?

jdarwood007 commented 1 year ago

2.0 tries curl first, whereas 2.1 tries fsocketopen first. The socket connection succeeds but the connection later fails if what they say is true that they are rejecting the connection because of the port in the Host header.

isaak654 commented 1 year ago

Just to avoid possible misunderstandings, I don't have CloudFlare enabled on my Altervista account and I can still reproduce the issue. Altervista started to remove its support (and vice versa) from May 2022, so I think CF here is irrelevant: 293526-cloudflare-disattivato-senza-motivo.html#post1486965

I'm going to inform their support thread about the existence of this issue, so any suggestion coming from either side would be appreciated.

isaak654 commented 1 year ago

An Altervista staff member recently provided a workaround that seems to work. However, it's not the best and I hope there will be a permanent fix on their side or on the SMF side.

jdarwood007 commented 1 year ago

Looks like they are having you connect to a local proxy and it is connecting out.

Sesquipedalian commented 1 year ago

How many issues related to this host have been reported now? Software packages can code as defensively as possible, but at the end of the day a strangely configured host environment will always be able to break things.

In this case, it appears that the host is interfering with outbound requests in some fashion. The solution would be for them to stop doing that.

m4z commented 1 year ago

I've been having similar issues on different hosting providers since I started using SMF. With the test script from the URL above:

<?php
$fp = fsockopen("www.simplemachines.org", 443, $errno, $errstr, 30);

if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
    $out .= "Host: www.simplemachines.org\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

… my current server (hosted by Contabo) returns the following:

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sun, 11 Jun 2023 10:41:28 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>

Until now I didn't even know they were using Cloudflare.

m4z commented 1 year ago

Then again, their other test script that is using the SMF code seems to work for me, returning string(32) "window.smfVersion = "SMF 2.1.4";".

m4z commented 1 year ago

Huh, apparently it works with my current hosting provider, and I didn't notice for almost a year. :clown_face:

jdarwood007 commented 1 year ago

If you're using fsocketopen, you need to prefix the hostname with ssl://, in addition to the port number. https://stackoverflow.com/questions/1757957/how-do-i-get-ssl-working-in-fsockopen

The port number alone won't tell it to use https.

m4z commented 1 year ago

I can confirm that it also works when using the fixed script:

<?php
$fp = fsockopen("ssl://www.simplemachines.org", 443, $errno, $errstr, 30);

if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
    $out .= "Host: www.simplemachines.org\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

This results in the following:

HTTP/1.1 200 OK
Date: Mon, 12 Jun 2023 10:36:07 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, must-revalidate
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 10 Jun 2023 17:24:13 GMT
etag: "[…]"
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=[…]"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: […]-FRA

20
window.smfVersion = "SMF 2.1.4";
0

PS: I only realized after my last post that Cloudflare might also be on the SMorg side, not at my hoster.
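
Added example, not part of the thread and not SMF's own code: the same request made with `stream_socket_client()` so that certificate and hostname verification are set explicitly on the `ssl://` transport, plus decoding of the chunked body (the `20` / `0` framing visible in the 200 response above). The function names are hypothetical, and the sample response is constructed from the output quoted in the thread, so the demo at the bottom runs without network access.

```php
<?php
/** Build the request. Host carries no port: 443 is the default for https. */
function build_request(string $host, string $path): string
{
    return "GET $path HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n";
}

/** Split a raw HTTP/1.1 response and undo chunked transfer encoding. */
function parse_response(string $raw): array
{
    [$head, $body] = explode("\r\n\r\n", $raw, 2) + [1 => ''];
    $status = (int) (explode(' ', $head)[1] ?? 0);
    if (stripos($head, "\r\nTransfer-Encoding: chunked") !== false) {
        $decoded = '';
        while ($body !== '') {
            [$size, $rest] = explode("\r\n", $body, 2) + [1 => ''];
            $len = (int) hexdec(trim(explode(';', $size)[0]));
            if ($len === 0) {
                break; // terminating zero-length chunk
            }
            $decoded .= substr($rest, 0, $len);
            $body = (string) substr($rest, $len + 2); // skip data and its CRLF
        }
        $body = $decoded;
    }
    return ['status' => $status, 'body' => $body];
}

/** Fetch over TLS with certificate and hostname checks stated explicitly. */
function fetch_https(string $host, string $path, int $timeout = 30): array
{
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true,       // reject untrusted certificate chains
        'verify_peer_name' => true,  // reject certificates for another host
        'peer_name' => $host,
    ]]);
    $fp = stream_socket_client("ssl://$host:443", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx);
    if (!$fp) {
        throw new RuntimeException("TLS connect failed: $errstr ($errno)");
    }
    fwrite($fp, build_request($host, $path));
    $raw = (string) stream_get_contents($fp);
    fclose($fp);
    return parse_response($raw);
}

// Constructed sample modelled on the 200 response quoted in the thread.
$sample = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nConnection: close\r\n\r\n"
    . "20\r\nwindow.smfVersion = \"SMF 2.1.4\";\r\n0\r\n\r\n";
var_dump(parse_response($sample));
```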