Problem with upload in invoice

Support
1

Hello, I updated 1.6.1 to 1.6.2 and while testing the functionality of upload in Invoices I get this error in GUI:

The action you have requested is not allowed.

Log:

ERROR - 2025-01-03 14:18:58 --> Severity: error --> Exception: Upload::validate_csrf(): Return value must be of type bool, CI_Security returned 

/application/modules/upload/controllers/Upload.php 183
2

Hey,
Did you try to reload the page after you uploaded something?

Can you tell the exact steps that you did before tou got these errors?

Iā€™ve cut out the irrelevant information.
You did an awesome job with formatting the code, i just had to clean it a tiny bit to make the errors more readable

3

I have created Invoice, filled it with items, prices etc. Then went to Upload, select some file, it shows uploading status and when it goes to end it writes that inside Upload section. After reloading the page Upload sections is empty. I did test this on 1.6.1. and it worked. Yesterday I upgraded to v.1.6.2. and it is not working now.

1 Like
4

Open application/modules/upload/controllers/Upload.php
and scroll to line 183

It shows this:

private function validate_csrf(): bool
    {
        return $this->security->csrf_verify();
    }

and it should be:

    private function validate_csrf()
    {
        return $this->security->csrf_verify();
    }

All you need to do is remove the : bool
Is it possible that you give that a try?

1 Like
5

Now it prints the next error regarding that file - Severity: 8192:

ERROR - 2025-01-05 13:25:21 --> Could not find the language line ""
ERROR - 2025-01-05 13:25:21 --> Could not find the language line ""
ERROR - 2025-01-05 13:25:24 --> Could not find the language line ""
ERROR - 2025-01-05 13:25:24 --> Could not find the language line ""
ERROR - 2025-01-05 13:25:24 --> Could not find the language line "ip_lang.log_error_no_file"
ERROR - 2025-01-05 13:25:24 --> Could not find the language line "ip_lang.log_error_no_file"
ERROR - 2025-01-05 13:25:24 --> Severity: 8192 --> sprintf(): Passing null to parameter #1 ($format) of type string is deprecated /home/serverlab/public_html/racun/application/modules/upload/controllers/Upload.php 244
ERROR - 2025-01-05 13:25:24 --> 
ERROR - 2025-01-05 13:25:24 --> Could not find the language line "ip_lang.error_no_file"
ERROR - 2025-01-05 13:25:24 --> Could not find the language line "ip_lang.error_no_file"

Btw what are those ā€œCould not find the language lineā€? I am using Croatian, is the file missing some translations?

1 Like
6

Iā€™ll get back to you on that one

7 
log_message('error', sprintf(_trans($logKey), $dynamicValue));

That $langKey that itā€™s trying to pass isnā€™t there.
Try to do the following:

  • Open /application/modules/upload/controllers/Upload.php en scroll to the respond_error function
    private function respond_error(int $httpCode, string $messageKey, string $logKey, string $dynamicValue = '')
    {
        $logKey = 'Language Key not found';
        log_message('error', sprintf(_trans($logKey), $dynamicValue));
        http_response_code($httpCode);
        echo json_encode(['success' => false, 'message' => _trans($messageKey)]);
    }
8

Btw what are those ā€œCould not find the language lineā€? I am using Croatian, is the file missing some translations

Thereā€™s a difference between the English translations and the Croatian translations.
Those ā€œā€ are language keys that are (I think) in the English file, but not in the Croatian file: https://crowdin.com/project/fusioninvoice/hr

If you log in to Crowdin, there might be a way you can translate those missing strings (Iā€™m not sure if the English strings are there already)

If youā€™re on Windows, thereā€™s a program called WinMerge. You can compare the English file with the Croatian one.
If both files are sorted the same way you can easily see if some language keys are missing.

The English file has recently been sorted, so there might be a difference in the order of the language keys between English and Croatian

9

Can I fix that somehow? You mean $logKey not $langKey?

1 Like
10

I have added to that function

        $logKey = 'Language Key not found';

and now it prints in the log

ERROR - 2025-01-07 13:26:16 --> Could not find the language line "Language Key not found"
ERROR - 2025-01-07 13:26:16 --> Could not find the language line "Language Key not found"
ERROR - 2025-01-07 13:26:16 --> Severity: 8192 --> sprintf(): Passing null to parameter #1 ($format) of type string is deprecated /home/serverlab/public_html/racun/application/modules/upload/controllers/Upload.php 245
ERROR - 2025-01-07 13:26:16 --> 
ERROR - 2025-01-07 13:26:16 --> Could not find the language line "ip_lang.error_no_file"
ERROR - 2025-01-07 13:26:16 --> Could not find the language line "ip_lang.error_no_file"
1 Like
11

--> sprintf(): Passing null to parameter #1 ($format) of type string is deprecated /application/modules/upload/controllers/Upload.php 245

    private function respond_error(int $httpCode, string $messageKey, string $logKey, string $dynamicValue = '')
    {
        $logKey = 'Language Key not found';
        log_message('error', sprintf(_trans($logKey), $dynamicValue));
        http_response_code($httpCode);
        echo json_encode(['success' => false, 'message' => _trans($messageKey)]);
    }

Whichever is passed to sprintf (the first parameter) is not allowed to be null, thatā€™s why we gave $logKey a value.

2 options:

  • delete this line: log_message('error', sprintf(_trans($logKey), $dynamicValue));
  • change it to: log_message('error', 'Language Key not found');

With that second option you eliminated the trouble with sprintf and $logKey not being present.

In the meantime try to match the english translation file, so you can add the translation strings

12

Btw the error was the same on english settting of site. Do you know which one I have to translate to croatian?

Also I have put this log_message('error', 'Language Key not found'); and there is no error in debug log but I still cannot upload. Its not crucial to me, I am just reporting the issue.

1 Like
13

I have freshly deployed installation with English and Uploads section is not working inside Invoice

2 Likes
14

I am also having this issue attempting to attach pdf files to invoices after upgrading from v1.6.1 to v1.6.2. I am only using the English language. If I find anything useful in the logs, I will post them here.

1 Like
15

A few things to note:

  1. Removing ā€œboolā€ from this function did not work.
    private function validate_csrf(): bool

  2. If I modify the function and just add ā€˜return trueā€™ (as a test/workaround), it works.

  3. Even though it works doing #2, I cannot see the attachment when I browse back to the invoice page. It looks like the attachment was never made (although can see it in the file system and database). However, if I use the ā€˜guest urlā€™ I can see the attachment listed correctly.

1 Like
18

[quote=ā€œjplandry, post:15, topic:11515ā€].
private function validate_csrf()
[/quote]

Are you using the .zip from the website or are you using the repository?
With the repository you can do

dd($this->security->csrf_verify());

That dd(); isnā€™t in the .zip by default. If you remove the vendor directory and then run composer install youā€™ll have that function as well.

The trick is to figure out what happens right before attaching the attachment.

Since the file is on the filesystem something happens right before attaching it or uploading it, if that makes sense.

Thatā€™s where dd(); comes in.
It will dump what you want and then kill the script.

19

Thank you for your reply. Iā€™m currently using the zip from the website. Iā€™ll work on getting that setup to pull additional info.

On a side note, my implementation is probably a bit more complex than most. I have this setup in AWS using Serverless technologies. Itā€™s deployed using AWS CDK/CloudFormation which sets up the environment. The files are hosted on an AWS EFS, and web app is running via Lambda with a docker container. This setup has been working great over the years, and I can easily perform any updates using SFTP via SSH to update the app files on the EFS. Everything else still appears to be working great except for the file upload functionality after the latest upgrade.

Iā€™ll do some more testing this evening and report back any findings.

1 Like
20

I will continue testing later, but I am seeing the ā€˜upload_fileā€™ function running when I browse to an old invoice that has an attachment.

It is passing the:
if (!$this->validate_csrf()) {

But is failing on the:
if (empty($_FILES) || !isset($_FILES[ā€˜fileā€™])) {

The customerId and $url_key are correct and matches what is in the database.

If I a not trying to upload a file and only pulling up an old Invoice, why is ā€˜upload_fileā€™ called? Shouldnā€™t ā€˜show_filesā€™ be called instead (which does not appear to be called) when viewing an invoice that previously had a file attached?

1 Like
21

I need to reproduce this when i have time.

Thatā€™s quite a setup youā€™ve got going there, man!
Impressive

I think the result of that dd($something) will show up in your (live) server, so careful what youā€™re dumping there.

The dd($something); is meant for local development:

  • Shit, my file is not uploading, let me dd() whatā€™s in $_FILES, (something like that)
22

Well, at least you are able to reproduce it. :slight_smile:

I overwrite the ā€˜Upload.phpā€™ file from v1.6.1 and everything is working perfectly again (files upload and previously uploaded files appear when viewing the invoice). Iā€™ll compare the two file versions and push through changes to see if I can figure out what is causing the issue.

2 Likes