Duplicate vBulletin 4: Attachment import is messed up

K

Kirby

Well-known member
Affected version
1.6.1
XFI\Import\Importer\vBulletin4::getAttachmentsForFileDataIds

PHP: 
protected function getAttachmentsForFileDataIds(array $fileDataIds, $contentIdKey = 'postid')
{
    $fileDataIds = $this->sourceDb->quote($fileDataIds);

    return $this->sourceDb->fetchAll("
        SELECT
            attachment.attachmentid, attachment.filename, attachment.userid,
            attachment.dateline, attachment.counter,
            attachment.contentid AS {$contentIdKey},
            filedata.filedataid,
            filedata.userid AS filedata_userid
        FROM attachment AS
            attachment
        INNER JOIN filedata AS
            filedata ON (filedata.filedataid = attachment.filedataid)
        WHERE filedata.filedataid IN({$fileDataIds})
        ORDER BY filedata.filedataid
    ");
}

This method gets all attachments for the given $fileDataIds and assumes that all those attachments belong to the currently processed content type (like a forum post).
In vBulletin 4 one filedataid can be used by multiple attachments even from multiple content types.

So if for example one filedataid is used by a forum post, an album image and a blog entry this code will treat the contentid of all attachments as a postid and those might import attachments attached to wrong content.

This can quite seriously mess up imported content and pose privacy issues so should be fixed ASAP.

Suggested Fix
Pass the contenttype that is currently processed to this method and only query attachments for this content type.

Related Issues
K

Thread '\XFI\Import\Impoter\vBulletin4::getAttachmentsGroupedByFile() is using hardcoded values'

Method \XFI\Import\Impoter\vBulletin4::getAttachmentsGroupedByFile() is using hardcoded values for contentIdKey and contentType which does make it unusable for content types other than forum posts.
This seems inconsistent with other methods like \XFI\Import\Impoter\vBulletin4::getAttachmentsForFileDataIds() that can handle any content type.

It would be nice if this method could also support other content types.
K

Thread '\XFI\Import\Importer\vBulletin4::getContentTypeId() does not respect packageid'

PHP: 
protected function getContentTypeId($contentType)
{
    if (empty($this->session->extra['contentTypeId']))
    {
        $this->session->extra['contentTypeId'] = $this->sourceDb->fetchPairs("
            SELECT class, contenttypeid
            FROM contenttype
        ");
    }

    return $this->session->extra['contentTypeId'][$contentType];
}

This code does assume that field class in table contenttype is unique - this is not necessarily the case, it is only guaranteed to be unique for the package the contenttype does belong to (field packageid).

A...
 

Similar threads

Steffen
Fixed vBulletin 4.x Attachment Import: Skip unnecessary "copyFile" call
Replies
2
Views
770
Steffen
Steffen
Steffen
Fixed vBulletin 4.x Attachment Import: Regularly clean-up temporary files?
Replies
2
Views
671
Kier
Kier
Big Dan
  • Question Question
XF 1.1 vBulletin 4 Attachments import
Replies
3
Views
1K
Big Dan
Big Dan
Back
Top Bottom