Environment
| Item |
Version/Info |
| 1Panel Version |
v1.10.34-lts |
| OS |
Ubuntu 20.04.6 LTS |
| Browser |
Chrome |
| Installation Type |
Standard systemd service |
Summary
Uploading any file containing the string <?php via the 1Panel web file manager causes:
- Upload progress stuck at 100%
- Browser console shows
AxiosError: Network Error (ERR_NETWORK)
- 1Panel backend process crashes and systemd auto-restarts it
- Backend logs show:
multipart: NextPart: unexpected EOF
Steps to Reproduce
- Login to 1Panel web UI
- Navigate to Files → any directory
- Upload a file containing
<?php (e.g., api.php, or even test.php with just <?php\n// comment)
- Upload progress reaches 100% and hangs indefinitely
- After ~40s timeout, browser shows network error
journalctl -u 1panel shows process restart at crash time
Minimal Reproduction File
<?php
// This single line is enough to trigger the bug
Control Tests
| Test Case |
Result |
Empty test.php |
✅ Uploads successfully |
test.php with <?php + any content |
❌ Crashes |
Same content saved as .txt (e.g., api.txt) |
❌ Still crashes (content-dependent, not extension) |
Same content without <?php line |
✅ Uploads successfully |
index.html (no <?php) |
✅ Uploads successfully |
Logs
Browser Console
AxiosError: Network Error
code: "ERR_NETWORK"
config: {transitional: {...}, adapter: Array(3), timeout: 40000, ...}
event: ProgressEvent {isTrusted: true, lengthComputable: false, loaded: 0, total: 0, type: 'error'}
request: XMLHttpRequest {readyState: 4, timeout: 40000, withCredentials: true, ...}
Backend Log (journalctl)
Jun 30 18:28:20 tpc-control01 systemd[1]: Stopping 1Panel...
Jun 30 18:28:20 tpc-control01 systemd[1]: 1panel.service: Succeeded.
Jun 30 18:28:20 tpc-control01 systemd[1]: Started 1Panel...
Jun 30 18:28:21 tpc-control01 1panel[3562823]: [INFO] listen at http://0.0.0.0:37715 [tcp4]
Note: The crash occurs before the backend can log the actual error. The multipart: NextPart: unexpected EOF was observed in other upload attempts.
System Status at Crash Time
- Memory: 452.5M (plenty available)
- Disk: 216G free on
/
- No OOM killer involvement
- No ClamAV running
- WAF disabled during testing
Root Cause Analysis
The issue is frontend-side: the 1Panel web frontend appears to incorrectly handle the <?php string when constructing the multipart/form-data request body. Possible causes:
- Template engine interference: The frontend build system (Vue/Vite) may interpret
<?php as a template directive, corrupting the request payload
- XSS/content filtering: Frontend sanitization may strip or alter
<?php, causing Content-Length mismatch
- Boundary collision: The
<?php string may accidentally match or interfere with the multipart boundary separator
The backend crash is a secondary effect: it receives a malformed multipart body and panics during mime/multipart parsing.
Impact
- Critical: Cannot upload any PHP files via web UI
- Workaround: Use SSH/scp or edit files in-place after uploading an empty file
- Security concern: Users may resort to less secure transfer methods
Workarounds
- Upload an empty file, then use 1Panel's built-in editor to paste content
- Use
scp or rsync directly
- Base64-encode the file, upload as
.b64, then decode on server
Suggested Fix
- Review frontend file upload component's request body construction
- Ensure
<?php and similar strings are treated as opaque binary data, not parsed
- Add defensive error handling in backend multipart parser to avoid panics
- Consider adding integration tests for PHP file uploads
Related
- Go
mime/multipart package: NextPart should not panic on malformed input
Environment
Summary
Uploading any file containing the string
<?phpvia the 1Panel web file manager causes:AxiosError: Network Error(ERR_NETWORK)multipart: NextPart: unexpected EOFSteps to Reproduce
<?php(e.g.,api.php, or eventest.phpwith just<?php\n// comment)journalctl -u 1panelshows process restart at crash timeMinimal Reproduction File
Control Tests
test.phptest.phpwith<?php+ any content.txt(e.g.,api.txt)<?phplineindex.html(no<?php)Logs
Browser Console
Backend Log (journalctl)
Note: The crash occurs before the backend can log the actual error. The
multipart: NextPart: unexpected EOFwas observed in other upload attempts.System Status at Crash Time
/Root Cause Analysis
The issue is frontend-side: the 1Panel web frontend appears to incorrectly handle the
<?phpstring when constructing themultipart/form-datarequest body. Possible causes:<?phpas a template directive, corrupting the request payload<?php, causingContent-Lengthmismatch<?phpstring may accidentally match or interfere with the multipart boundary separatorThe backend crash is a secondary effect: it receives a malformed multipart body and panics during
mime/multipartparsing.Impact
Workarounds
scporrsyncdirectly.b64, then decode on serverSuggested Fix
<?phpand similar strings are treated as opaque binary data, not parsedRelated
mime/multipartpackage:NextPartshould not panic on malformed input