Fixed InvalidArgumentException on requests to "/login/keep-alive" after applying the 2.2.16 security fix

Steffen

Steffen

Well-known member
Affected version
2.2.15 + Security Fix
I've just applied the security fix (no full upgrade to 2.2.16 yet) and now this error is logged every few seconds.

InvalidArgumentException: Class does not match formatter pattern %s\%s\View\%s src/XF.php:1135
Generated by: Unknown account Jun 5, 2024 at 6:03 PM

Stack trace
Code: 
#0 src/XF/App.php(1701): XF::stringToClass('', '%s\\%s\\View\\%s', 'Pub')
#1 src/XF/Container.php(234): XF\App->XF\{closure}('', Array, Object(XF\Container))
#2 src/XF/Container.php(247): XF\Container->create('view', '', Array)
#3 src/XF/Mvc/Renderer/AbstractRenderer.php(82): XF\Container->XF\{closure}('', Array)
#4 src/XF/Mvc/Renderer/AbstractRenderer.php(90): XF\Mvc\Renderer\AbstractRenderer->createViewObject('', '', Array)
#5 src/XF/Mvc/Renderer/Json.php(65): XF\Mvc\Renderer\AbstractRenderer->renderViewObject('', '', Array)
#6 src/XF/Mvc/Dispatcher.php(460): XF\Mvc\Renderer\Json->renderView('', '', Array)
#7 src/XF/Mvc/Dispatcher.php(442): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#8 src/XF/Mvc/Dispatcher.php(402): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#9 src/XF/Mvc/Dispatcher.php(60): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'json')
#10 src/XF/App.php(2519): XF\Mvc\Dispatcher->run()
#11 src/XF.php(535): XF\App->run()
#12 index.php(20): XF::runApp('XF\\Pub\\App')
#13 {main}

Request state
Code: 
array(4) {
  ["url"] => string(23) "/forum/login/keep-alive"
  ["referrer"] => string(96) "https://example.org/threads/thread-title.123456/"
  ["_GET"] => array(1) {
    ["/forum/login/keep-alive"] => string(0) ""
  }
  ["_POST"] => array(2) {
    ["_xfResponseType"] => string(4) "json"
    ["_xfToken"] => string(8) "********"
  }
}
 
Re-apply the patch from the announcement thread. It changed slightly. The release version was patched but the announcement thread wasn't updated until after the release. You must have got in there before the edit.

It's just this bit that was added:

PHP: 
if (!$string) return '';
 
You will already have the update that fixes this. It was rolled out automatically.

However, upon inspection of your error log, it would appear that you have a specific add-on installed that is now generating similar errors.

Unfortunately, this is a rare case whereby we may have introduced a breaking change. We're unable to adjust the changes we have made without compromising the security fix we put into place, and therefore the onus would unfortunately have to be on the developer themselves to resolve this.

To be clear, this is actually fundamentally a bug in the add-on itself anyway, it's just our changes have surfaced this.

Code: 
Class group-actions\Events does not match formatter pattern %s\%s\View\%s

group-actions\Events is not a valid class name and does contradict many of our conventions, though it should be a simple fix. I believe even just changing these view class names to something like GroupActions:Events may fix it, though hopefully the developer themselves will have a better idea of what to do, or they can seek support on the forum if they need it.
 
Chris D said:
You will already have the update that fixes this. It was rolled out automatically.

However, upon inspection of your error log, it would appear that you have a specific add-on installed that is now generating similar errors.

Unfortunately, this is a rare case whereby we may have introduced a breaking change. We're unable to adjust the changes we have made without compromising the security fix we put into place, and therefore the onus would unfortunately have to be on the developer themselves to resolve this.

To be clear, this is actually fundamentally a bug in the add-on itself anyway, it's just our changes have surfaced this.

Code: 
Class group-actions\Events does not match formatter pattern %s\%s\View\%s

group-actions\Events is not a valid class name and does contradict many of our conventions, though it should be a simple fix. I believe even just changing these view class names to something like GroupActions:Events may fix it, though hopefully the developer themselves will have a better idea of what to do, or they can seek support on the forum if they need it.
Click to expand...

Thanks Chris, did you by chance noticed what addon is responsible for this issue?
 
Not specifically. I had hoped the group-actions bit might be a clue but I’m not familiar with what that add-on would be exactly.
 
So, much like I already mentioned, that would have been fixed on Wednesday. The errors should have stopped. If they haven't stopped, the errors will be similar but probably in this case caused by an add-on. There is likely not much we can do, and it's actually a bug from an add-on that is now being exposed.

If you can let us know specifically what the error message and stack trace is we can confirm.

Or, if the errors have stopped completely, then it was likely just the initial bug in our own code that has since been fixed for you.
 
Your error log has been cleared so I can't see the messages for myself, but I note your community uses Tapatalk so chances are the errors could be coming from there.
 
Chris D said:
Your error log has been cleared so I can't see the messages for myself, but I note your community uses Tapatalk so chances are the errors could be coming from there.
Click to expand...

Disabled Tapatalk for several hours, didn't do the trick, error reappeared.

Will keep trying to pinpoint the addon.
 

Similar threads

S
  • Question Question
XF 2.2 10,000s of daily requests to "forum/login/keep-alive"
Replies
12
Views
530
digitalpoint
digitalpoint
Back
Top Bottom