No resources in backup file

chamilo / chamilo-lms

Chamilo is a learning management system focused on ease of use and accessibility

https://chamilo.org

GNU General Public License v3.0

812 stars 487 forks source link

No resources in backup file #3113

Open lonesomewalker opened 4 years ago

lonesomewalker commented 4 years ago

Describe Exporting and importing a Chamilo course is not possible on the same platform

To Reproduce ??? Problem is: on 11.chamilo.org everything works, so this might have 2 reasons:

either this is already fixed (but i don't think so)
it is a server setting, but then the error message should be more informative

Desktop (please complete the following information):

OS: Win/Linux/Mac
Browser: Chrome, Firefox, Edge

**Server

OS: Debian latest
Version of Chamilo: 1.11.10 release PHP7
Version of PHP: 7.3 Debian

Additional context Really annoying is: if you export a course, you can see the content in the zip file. Also bonus: if you export from 11.chamilo.org, you can easily import this to other platforms.

Either the export functionality changed or it is a server thing.

lonesomewalker commented 4 years ago

Debugging step 1: course_info.dat seems to have sufficient format. base64_decode shows a lot of serialized data.

Starting with: O:48:"Chamilo\CourseBundle\Component\CourseCopy\Course":9:{s:9:"resources";a:10:{s:18:"course_description";a:4:{i:9;O:69:"Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription":9:{s:5:"title";s:7:"restore";s:7:"content";s:2307:"<p>...

I also notice that there are several occurances of hard coded paths, like: s:17:"course_public_url";s:58:"https://... or: s:25:"course_image_large_source";s:49:"/var/www/chamilo/app/courses/WB120/course-pic.png"

lonesomewalker commented 4 years ago

Okay, bug can be reproduced.

If you have checked WHITELISTING filetypes, course_info.dat matches as DANGEROUS.

Seriously? Yes, it is a regex match, but how to imort courses otherwise? Consider this a bug :-)

Coursenligne commented 4 years ago

It could be environment related, as I export/import from the same plaatform. It's worth testing the imported course as some elements sometimes have to be reloaded (mainly images), but this is quite sporadic my side. ---Edit---- An extra thought (night helps sometimes...). Is your course made via Chamilo's integrated authoring tool? Otherwise, you need to modify the configuration file as, for security matter, SCORM export/importis not allowed by default.

ywarnier commented 3 years ago

In short: Add warning in course import to check if the file extension is considered dangerous and show the appropriate message:

if (!empty(api_get_setting('whitelist')) and in_array('.dat', preg_split('/;/', api_get_setting('whitelist')))) {
    Flash::display($message);
}

Message: "Although this file might have been generated through the same software, your security settings currently prevent .dat extensions to be uploaded to this platform. Please ask your administrator to allow the .dat extension in the security settings."