Bug in Analytics tracking code

The Analytics tracking code inserts the code; so far so good. The problem is that it inserts the code into any downloadable file which contains "<body ". Unfortunately this corrupts the downloads. Wouldn't it be possible to check the MIME type or so before changing the content?

Status: Closed (fixed)

Comments

The code does check the MIME type, but unfortunately it isn't always available from Apache. It also checks the file extension in the URL, and doesn't touch files like .gif, .png or .swf.

What is the filename you are having this problem with?

Attached an example (please rename to .zip)

That's odd, as the analytics feature should exclude ZIP files completely.

What is the actual URL of the problem page or file?

I think the problem is that the file is not directly accessed via Apache. The file is output via PHP, which your code doesn't capture apparently?

Here is the code that generates the file:

// set header
header("Pragma: public");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Expires: 0");
header("Content-Transfer-Encoding: binary");
header('Content-Type: '.$type);
header('Content-Disposition: attachment;'
  .' filename="'.$name.'";'
  .' modification-date="'.$mod.'";'
  .' size='.$size.';');
header("Content-Length: ".$size);

// output file
$handle = fopen($file, 'rb');
fpassthru($handle);
fclose($handle);

Ok, that would explain it.

One work-around is to use a path like:

/dir/script.php/file.zip

to refer to this PHP script that outputs a ZIP file. This will let the analytics plugin know that it's in ZIP format and so shouldn't be touched.

Unfortunately this is not possible, because it is not my code. I just use a CMS with extensions :-) And I guess this was just one example where the plugin could go wrong?

And of course virtualmin is used by companies to host many websites that install CMS? I guess those are not aware that this feature could potentially corrupt anything that is not "purely filebased" and contains certain patterns.

If this bug can not be fixed at least there should be some kind of warning :-)

Could you tell me more about the CMS you are using, and how you are downloading a file from it?

I'd like to see if there is some way to handle this situation.

For example Joomla with the Zoo extension (a Content Constructions Kit, "like Drupal"). With this component you can add downloads (you saw the code).

Here is an example with a few download links http://www.yootheme.com/zoo/app-bundle/download-archive/frontpage

Joomla and Zoo can be downloaded for free.

But in general a lot of applications do the same.

Ok, thanks .. I did some more investigation, and found a way to detect the page content type properly in this situation. The fix will be included in the next release of the analytics plugin (2.6).

Let me know if you'd like a pre-release version to try out.

Seems to look OK for that case.

But I noticed that you didn't add an option to add custom javascript :-)

The custom javascript feature will be coming later :-)

Automatically closed -- issue fixed for 2 weeks with no activity.

I tested this in version 3.84 gpl. It looks like the bug is still there. The plugin corrupts downloads if they contain the end or start pattern etc ...

The fix for this isn't in the virtualmin package, but in the separate plugin package for analytics. We haven't released this yet .. but I can send you a pre-release if you like?

Ok, that makes sense of course. I can wait until you guys release it (hopefully soon :-)

I can send you a pre-release if you like?

Sorry for reopening, but when do you guys release the new version? The current version contains a serious bug and has probably corrupted thousands of downloads of unknowing vm users already :-)

It should come out at the same time as the 3.85 virtualmin release, in a few days ..

Fortunately most users aren't affected, as they don't serve files via PHP.
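
Added example (not part of the thread and not the plugin's actual fix): one way a body-rewriting output filter can decide from the response headers, rather than the URL extension, whether it may touch a response, so that a script-generated download like the one above passes through byte for byte. All function names, the magic-byte list and the sample headers and bodies are constructed for illustration.

```python
HTML_TYPES = {"text/html", "application/xhtml+xml"}
BINARY_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF-")  # ZIP, gzip, PDF (assumed list)

def parse_headers(lines):
    """Map lower-cased header names to values; a later duplicate wins."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def may_inject(headers, body):
    """True only when the response is positively identified as inline HTML."""
    media_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    if media_type not in HTML_TYPES:
        return False  # missing or non-HTML type: fail closed, never guess
    if headers.get("content-disposition", "").strip().lower().startswith("attachment"):
        return False  # a download, whatever type the script claimed
    if headers.get("content-encoding", "").strip().lower() not in ("", "identity"):
        return False  # compressed bytes are not HTML text
    return not body.startswith(BINARY_MAGIC)  # mislabelled binary payload

def filter_response(header_lines, body, snippet):
    """Return (headers, body); the body changes only if may_inject() allows it."""
    headers = parse_headers(header_lines)
    if not may_inject(headers, body):
        return headers, body
    idx = body.lower().rfind(b"</body>")
    if idx < 0:
        return headers, body
    new_body = body[:idx] + snippet + body[idx:]
    if "content-length" in headers:  # keep the declared length consistent
        headers["content-length"] = str(len(new_body))
    return headers, new_body

# Constructed samples: a ZIP that happens to contain "<body ", and a real page.
SNIPPET = b"<script>/* tracker */</script>"
ZIP_BODY = b"PK\x03\x04" + b"<body class='x'></body>\x00"
ZIP_HEADERS = ["Content-Transfer-Encoding: binary", "Content-Type: application/zip",
               'Content-Disposition: attachment; filename="demo.zip";',
               f"Content-Length: {len(ZIP_BODY)}"]
HTML_BODY = b"<html><body >hi</body></html>"
HTML_HEADERS = ["Content-Type: text/html; charset=UTF-8",
                f"Content-Length: {len(HTML_BODY)}"]

if __name__ == "__main__":
    for hdrs, body in ((ZIP_HEADERS, ZIP_BODY), (HTML_HEADERS, HTML_BODY)):
        _, out = filter_response(hdrs, body, SNIPPET)
        print("modified" if out != body else "untouched", len(out), "bytes")
```

Failing closed on a missing Content-Type means some HTML pages go untracked, which is the cheaper error compared with a corrupted archive.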