bsmither Posted January 19, 2017

Regarding CC613, for stores with moderate and larger databases, having CubeCart do a database backup has the possibility of resulting in a partial backup file, PHP crashing, and you seeing a blank white screen.

The problem is that the new means of reading short blips of the database and writing it to the file, opening and closing the file between blips, as a means (assuming) of staying within reasonable limits of memory consumption --- that new means is flawed.

If this happens to you, please use any external database maintenance utility to make the backup of your moderate and larger database.

This is only an advisory -- there will be no damage to your store files, nor to the database. An issue has been posted in the Github.

Al Brookbanks Posted January 19, 2017

The old method was less reliable. I tested the new tool with a 600mb database. The test was positive and restore was positive too. I'll take a look at your findings. Thank you.

bsmither Posted January 19, 2017 Author

Let me clarify that there is a possibility -- a slight possibility.

Al Brookbanks Posted January 19, 2017

Ok cool. Building this tool with low PHP resource limits isn't easy. Let's hope we can perfect it. Tools like phpMyAdmin manage. Thanks Brian

bsandall Posted January 19, 2017

Can we not make a call to run mysqldump.exe on the desired databases / tables? It seems to me that this would be the ideal solution, as mysqldump is a tool written explicitly for this purpose and would avoid all of the issues with trying to iterate over large amounts of data in PHP.

This tool is also a part of nearly all database installations - on one of my non-CubeCart sites, I wrote a cron script to automate the database backup:

```php
<?php
// Site config and DB credentials; the constants used below come from these includes
require_once ($_SERVER['DOCUMENT_ROOT'] === 'C:/wamp/www/' ? 'C:/wamp/www/git/site_name' : '/home/site_name') . '/public_html/includes/config.inc.php';
require_once BASE_URI . 'hidden/db_cred.inc.php';

$pass = BASE_URI . 'hidden/my.cnf'; // option file holding the DB password
$exe = ($_SERVER['DOCUMENT_ROOT'] === 'C:/wamp/www/' ? 'C:/wamp/bin/mysql/mysql5.6.17/bin/mysqldump' : 'mysqldump');

$day = date('N'); // Day of week as numeral: 1 (Monday) to 7 (Sunday)
if ((int) $day === 7) {
    $date = date_parse(date('Y-m-d'));
    $day = 'w' . ceil($date['day'] / 7); // weekly backups maintained on rolling basis for 4 weeks
} else {
    $day = "d$day"; // daily backups maintained on rolling basis for 1 week
}

$filename = escapeshellarg(BASE_URI . "hidden/backups/site_name_db-$day.sql" . (LIVE ? ".gz" : ""));

// Every value placed on the command line is shell-escaped, including the option file path.
// The dump goes to the file; the grouping with 2>&1 sends stderr to shell_exec() so that
// mysqldump errors reach $output (shell_exec() only returns what is written to stdout).
$cmd = "( $exe --defaults-file=" . escapeshellarg($pass)
    . " -h " . escapeshellarg(DB_HOST)
    . " -u " . escapeshellarg(DB_BACKUP_USER)
    . " --single-transaction " . escapeshellarg(DB_NAME)
    . (LIVE ? " | gzip" : "")
    . " > $filename ) 2>&1";

$output = shell_exec($cmd);
if (!empty($output)) {
    throw new \Exception("Error(s) running script db_backup.php:\n$output");
}
```

This requires that there exist a file `my.cnf` containing the lines:

```
[client]
password=your_db_password
```

That allows the command line to execute the mysqldump command without the user needing to input their password.

Al Brookbanks Posted January 19, 2017

Possibly. The security suite recommends disabling dangerous functions like shell_exec.

bsandall Posted January 19, 2017

True, it could potentially increase the severity of a security breach, but it does solve the problem at hand. Wish I knew of a more secure solution.

bsmither Posted January 19, 2017 Author

Just to satisfy my curiosity: how would phpMyAdmin (a PHP app) get around the same limitations imposed on any other PHP app running in a user environment that would otherwise bork CubeCart's procedure?

I think because phpMyAdmin is usually launched from within a cPanel environment, maybe that environment has many more resources allocated to it.

Al Brookbanks Posted January 19, 2017

I was thinking the same. phpMyAdmin will export large databases in a normal hosting account with typical resource limitation. Good place to look....

havenswift-hosting Posted January 22, 2017

> On 1/19/2017 at 5:30 PM, Al Brookbanks said:
> The security suite recommends disabling dangerous functions like shell_exec.

We disable shell_exec, along with lots of other unsafe functions, on all our servers and I cannot see any responsible hosting company allowing that PHP function.

Al Brookbanks Posted January 23, 2017

> 18 hours ago, havenswift-hosting said:
> We disable shell_exec, along with lots of other unsafe functions, on all our servers and I cannot see any responsible hosting company allowing that php function

Good. I wish more did!

havenswift-hosting Posted January 23, 2017

@Al Brookbanks I can't believe any hosting company would allow that (or the other five or six common "problem functions"), especially on shared servers - we switch them all off on all servers, even client dedicated servers!

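A pre-flight check for the two concerns raised in this thread, as an added example that is not any poster's or CubeCart's code: it reports whether `shell_exec` is disabled on the host and whether the `my.cnf` option file holding the password sits inside the document root or is accessible to other accounts. The function names, the demo option file and the `/var/www/html` document root are assumptions.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** True only if $fn exists and is not listed in php.ini disable_functions. */
function fn_is_usable(string $fn): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists($fn) && !in_array($fn, $disabled, true);
}

/** Problems found with the mysqldump option file; an empty array means none. */
function check_option_file(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        return ["option file not found: $path"];
    }
    $problems = [];
    // The file holds the DB password in clear text, so it must not be web-servable.
    $root = realpath($docRoot);
    if ($root !== false && strpos($real, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = 'option file is inside the document root';
    }
    // POSIX only: no group/other permission bits (0600 or 0400).
    clearstatcache(true, $real);
    $mode = fileperms($real) & 0777;
    if (DIRECTORY_SEPARATOR === '/' && ($mode & 0077) !== 0) {
        $problems[] = sprintf('option file mode is %04o, expected 0600', $mode);
    }
    return $problems;
}

/** Run both checks before attempting a shell_exec()-based dump. */
function backup_preflight(string $optionFile, string $docRoot): array
{
    $problems = fn_is_usable('shell_exec') ? [] : ['shell_exec is disabled on this host'];
    return array_merge($problems, check_option_file($optionFile, $docRoot));
}

// Constructed demo: a throwaway option file, first world-readable, then 0600.
$tmp = tempnam(sys_get_temp_dir(), 'cnf');
file_put_contents($tmp, "[client]\npassword=example-only\n");
foreach ([0644, 0600] as $mode) {
    chmod($tmp, $mode);
    echo sprintf('%04o: ', $mode), json_encode(backup_preflight($tmp, '/var/www/html')), PHP_EOL;
}
unlink($tmp);
```

On a host that disables `shell_exec`, both demo runs also report that, which is the signal to fall back to a PHP-side export or an external tool.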