SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: '\xC0\xA7\xC0\xA2%2...'

Christopher Walz · Jul 23rd 2022

Gestern war mal wieder in Bot unterwegs der folgenden Fehler im Log verursacht hat:

Code

Fri, 22 Jul 2022 18:06:27 +0000
Message: Could not execute statement 'UPDATE  wcf1_moderation_queue                 SET     additionalData = ?, lastChangeTime = ?                 WHERE   queueID = ?'
PHP version: 8.0.20
WoltLab Suite version: 5.4.20
Request URI: POST /index.php?ajax-proxy/&t=x
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Peak Memory Usage: 2909496/536870912
======
Error Class: wcf\system\database\exception\DatabaseQueryExecutionException
Error Message: Could not execute statement 'UPDATE  wcf1_moderation_queue                 SET     additionalData = ?, lastChangeTime = ?                 WHERE   queueID = ?'
Error Code: 22007
File: /foo/cms/lib/system/database/statement/PreparedStatement.class.php (144)
Extra Information: YTozOntpOjA7YToyOntpOjA7czoxNzoiUXVlcnkgUGFyYW1ldGVyIDEiO2k6MTtzOjI6IicnIjt9aToxO2E6Mjp7aTowO3M6MTc6IlF1ZXJ5IFBhcmFtZXRlciAyIjtpOjE7aToxNjU4NTEzMTg3O31pOjI7YToyOntpOjA7czoxNzoiUXVlcnkgUGFyYW1ldGVyIDMiO2k6MTtpOjE4O319
Stack Trace: [{"file":"\/foo\/cms\/lib\/data\/DatabaseObjectEditor.class.php","line":55,"function":"execute","class":"wcf\\system\\database\\statement\\PreparedStatement","type":"->","args":[["[redacted]","[redacted]","[redacted]"]]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":388,"function":"update","class":"wcf\\data\\DatabaseObjectEditor","type":"->","args":[{"additionalData":"[redacted]","lastChangeTime":"[redacted]"}]},{"file":"\/foo\/cms\/lib\/data\/moderation\/queue\/ModerationQueueAction.class.php","line":71,"function":"update","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":216,"function":"update","class":"wcf\\data\\moderation\\queue\\ModerationQueueAction","type":"->","args":[]},{"file":"\/foo\/lib\/system\/event\/listener\/ModerationQueueReportListener.class.php","line":47,"function":"executeAction","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/event\/EventHandler.class.php","line":252,"function":"execute","class":"foo\\system\\event\\listener\\ModerationQueueReportListener","type":"->","args":["wcf\\data\\moderation\\queue\\ModerationQueueReportAction","wcf\\data\\moderation\\queue\\ModerationQueueReportAction","finalizeAction",{"category":"[redacted]","email":"[redacted]","message":"[redacted]","name":"[redacted]","objectID":"[redacted]","objectType":"[redacted]"}]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":224,"function":"fireAction","class":"wcf\\system\\event\\EventHandler","type":"->","args":["wcf\\data\\moderation\\queue\\ModerationQueueReportAction","finalizeAction"]},{"file":"\/foo\/cms\/lib\/action\/AJAXProxyAction.class.php","line":92,"function":"executeAction","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AJAXInvokeAction.class.php","line":111,"function":"invoke","class":"wcf\\action\\AJAXProxyAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AbstractAction.class.php","line":53,"function":"execute","class":"wcf\\action\\AJAXInvokeAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AJAXInvokeAction.class.php","line":65,"function":"__run","class":"wcf\\action\\AbstractAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/request\/Request.class.php","line":89,"function":"__run","class":"wcf\\action\\AJAXInvokeAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/request\/RequestHandler.class.php","line":121,"function":"execute","class":"wcf\\system\\request\\Request","type":"->","args":[]},{"file":"\/foo\/index.php","line":8,"function":"handle","class":"wcf\\system\\request\\RequestHandler","type":"->","args":["foo"]}]
======
Error Class: PDOException
Error Message: SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: '\xC0\xA7\xC0\xA2%2...' for column `wcf1_moderation_queue`.`additionalData` at row 1
Error Code: 22007
File: /foo/cms/lib/system/database/statement/PreparedStatement.class.php (126)
Extra Information: -
Stack Trace: [{"file":"\/foo\/cms\/lib\/system\/database\/statement\/PreparedStatement.class.php","line":126,"function":"execute","class":"PDOStatement","type":"->","args":[["[redacted]","[redacted]","[redacted]"]]},{"file":"\/foo\/cms\/lib\/data\/DatabaseObjectEditor.class.php","line":55,"function":"execute","class":"wcf\\system\\database\\statement\\PreparedStatement","type":"->","args":[["[redacted]","[redacted]","[redacted]"]]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":388,"function":"update","class":"wcf\\data\\DatabaseObjectEditor","type":"->","args":[{"additionalData":"[redacted]","lastChangeTime":"[redacted]"}]},{"file":"\/foo\/cms\/lib\/data\/moderation\/queue\/ModerationQueueAction.class.php","line":71,"function":"update","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":216,"function":"update","class":"wcf\\data\\moderation\\queue\\ModerationQueueAction","type":"->","args":[]},{"file":"\/foo\/lib\/system\/event\/listener\/ModerationQueueReportListener.class.php","line":47,"function":"executeAction","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/event\/EventHandler.class.php","line":252,"function":"execute","class":"foo\\system\\event\\listener\\ModerationQueueReportListener","type":"->","args":["wcf\\data\\moderation\\queue\\ModerationQueueReportAction","wcf\\data\\moderation\\queue\\ModerationQueueReportAction","finalizeAction",{"category":"[redacted]","email":"[redacted]","message":"[redacted]","name":"[redacted]","objectID":"[redacted]","objectType":"[redacted]"}]},{"file":"\/foo\/cms\/lib\/data\/AbstractDatabaseObjectAction.class.php","line":224,"function":"fireAction","class":"wcf\\system\\event\\EventHandler","type":"->","args":["wcf\\data\\moderation\\queue\\ModerationQueueReportAction","finalizeAction"]},{"file":"\/foo\/cms\/lib\/action\/AJAXProxyAction.class.php","line":92,"function":"executeAction","class":"wcf\\data\\AbstractDatabaseObjectAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AJAXInvokeAction.class.php","line":111,"function":"invoke","class":"wcf\\action\\AJAXProxyAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AbstractAction.class.php","line":53,"function":"execute","class":"wcf\\action\\AJAXInvokeAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/action\/AJAXInvokeAction.class.php","line":65,"function":"__run","class":"wcf\\action\\AbstractAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/request\/Request.class.php","line":89,"function":"__run","class":"wcf\\action\\AJAXInvokeAction","type":"->","args":[]},{"file":"\/foo\/cms\/lib\/system\/request\/RequestHandler.class.php","line":121,"function":"execute","class":"wcf\\system\\request\\Request","type":"->","args":[]},{"file":"\/foo\/index.php","line":8,"function":"handle","class":"wcf\\system\\request\\RequestHandler","type":"->","args":["foo"]}]

Display More

Ausgelöst wird der Fehler in einem EL von mir:

Code

        <eventlistener name="moderationQueueReport">
            <eventclassname>wcf\data\moderation\queue\ModerationQueueReportAction</eventclassname>
            <eventname>finalizeAction</eventname>
            <listenerclassname>foo\system\event\listener\ModerationQueueReportListener</listenerclassname>
        </eventlistener>

PHP

<?php

class ModerationQueueReportListener implements IParameterizedEventListener {
    /**
     * @inheritDoc
     */
    public function execute($eventObj, $className, $eventName, array &$parameters) {
        if ($eventObj->getActionName() === 'report') {
            // update report with additional data
            $parameters = $eventObj->getParameters();

            // get the report, since its not available in $eventObj...
            $objectTypeID = ModerationQueueReportManager::getInstance()->getObjectTypeID($parameters['objectType']);

            $sql = "SELECT *
            FROM    wcf".WCF_N."_moderation_queue
            WHERE    objectTypeID = ?
                AND objectID = ?";
            $statement = WCF::getDB()->prepareStatement($sql);
            $statement->execute([
                $objectTypeID,
                $parameters['objectID']
            ]);

            $report = $statement->fetchObject(ModerationQueue::class);

            // update the additional data with all parameters
            (new ModerationQueueAction([$report], 'update', [
                'data' => [
                    'additionalData' => serialize($parameters)
                ]
            ]))->executeAction();
        }
    }
}

Display More

Die Spalte additionalData hat die utf8mb4_unicode_ci Kollation, was ja eigl. standardmäßig das Problem bei dieser Art von Fehler ist.

Hat hier jmd. noch eine Idee, wie ich diesen Fehler abfangen kann?

**Alexander Ebert** · Jul 23rd 2022

Quote from Christopher Walz

Error Message: SQLSTATE[22007]: Invalid datetime format

Welchen Spaltentyp hat additionalData bei dir?

Christopher Walz · Jul 23rd 2022

Das sollte so schon passen, weswegen mich der Fehler auch etwas verwirrt. Es war definitiv ein böser Bot / Angriff (wie auch immer man es nennen will), da auch andere SQL-Injections getestet wurden.

Ich hab auch mal absichtlich Emojis (z.B. 😀) eingefügt, kann den Fehler aber manuell nicht reproduzieren.

**Tim Düsterhus** · Jul 25th 2022

Hallo,

der Fehler entsteht, wenn der Wert keine gültige UTF-8-Sequenz ist. Strings sind in PHP Bytestrings und entsprechend nicht notwendigerweise gültiges UTF-8.

Quote from Christopher Walz

Das sollte so schon passen,

Jein. Für Spalten mit serialisierten Daten sollte eigentlich eher eine BLOB-Spalte genutzt werden (und wird es auch in neuerem Code, beispielsweise WebAuthn oder die neuen Sessions), aber das verschiebt das Problem potentiell nur, weil anderer Code dann nicht darauf vorbereitet ist, kein gültiges UTF-8 zu haben.

Christopher Walz · Jul 25th 2022

Quote from Tim Düsterhus

wenn der Wert keine gültige UTF-8-Sequenz ist.

Hast du mir hier einen Beispiel "Text" mit dem ich das lokal mal nachtesten kann? Und wie kann ich das Problem letztendlich abfangen?

Danke!

**Tim Düsterhus** · Jul 25th 2022

Hallo,

Quote from Christopher Walz

Hast du mir hier einen Beispiel "Text" mit dem ich das lokal mal nachtesten kann?

im Endeffekt wirst du vermutlich einfach irgendwas beliebiges aus random_bytes ziehen können. Ansonsten siehe hier: https://de.wikipedia.org/wiki/…_Bytes_und_ihre_Bedeutung

Quote from Christopher Walz

Und wie kann ich das Problem letztendlich abfangen?

Im simpelsten Fall einfach ein try-catch, das den Fehler ignoriert. Ich weiß ja nicht, was du mit deinem Event-Listener genau vor hast.

Morik · Jul 25th 2022

Würde es nicht Sinn ergeben ein StringUtil::istUTF8($string) zur Validierung zu verwenden ?

**Tim Düsterhus** · Jul 25th 2022

Hallo,

Quote from Morik

Würde es nicht Sinn ergeben ein StringUtil::istUTF8($string) zur Validierung zu verwenden ?

kommt drauf an. So wie der Event-Listener aussieht, ist der Fehler ohnehin nicht wirklich aktionierbar.

SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: '\xC0\xA7\xC0\xA2%2...'

Participate now!

Share

Similar Threads

Täglicher Fehlercode gibt Rätsel auf

Installation von menuItem schlägt fehl

Users Viewing This Thread