RuntimeException: Could not send site statistics to remote server: Invalid data submission.

[chmst]

Steps to reproduce the issue

The statistics Plugin throws this messag at first login to the backend of different sites.
It affects sites where the user accepted to send statistic data after installation.
Not sure when I noticed this at the first time, maybe since J4.2? I had this on localhost under xampp and thought that it is caused by a misconfiguration of my environment.

But now i see it reported from different users and also on own sites which are in a subdomain.

Expected result

No error message

Actual result

RuntimeException: Could not send site statistics to remote server: Invalid data submission.

System information (as much as possible)

PHP 8.2 or higher
online on subdomains and on localhost under xampp (win11)

Additional comments

In my application it affects only sites which are transferred via akeeba backup, no clue if this is relevant.

[brianteeman]

is the value of $secret unique across the sites?

[alikon]

got the same

with a request like this

in my case the problem arise from https://github.com/joomla/statistics-server
i suspect don't validate the input in some circumstances

https://github.com/joomla/statistics-server/blob/4e8bcaa164b5002683ed131fcc137be7f9950dcf/src/Controllers/SubmitDataController.php#L100-L138

    // Validate the submitted data
    $data['php_version'] = $this->checkPHPVersion($data['php_version']);
    $data['cms_version'] = $this->checkCMSVersion($data['cms_version']);
    $data['db_type']     = $this->checkDatabaseType($data['db_type']);
    $data['db_version']  = $this->validateVersionNumber($data['db_version']);


    // We require at a minimum a unique ID and the CMS version
    if (empty($data['unique_id']) || (empty($data['cms_version']) && $data['cms_version'] !== false)) {
        $this->getApplication()->getLogger()->info(
            'Missing required data from request.',
            ['postData' => $originalData]
        );


        /** @var JsonResponse $response */
        $response = $this->getApplication()->getResponse();
        $response = $response->withPayload(
            [
                'error'   => true,
                'message' => 'There was an error storing the data.',
            ]
        );
        $response = $response->withStatus(500);


        $this->getApplication()->setResponse($response);


        return true;
    }


    // If the below data does not pass tests, we do not accept the POST
    if ($data['php_version'] === false || $data['cms_version'] === false || $data['db_type'] === false || $data['db_version'] === false) {
        /** @var JsonResponse $response */
        $response = $this->getApplication()->getResponse();
        $response = $response->withPayload(
            [
                'error'   => true,
                'message' => 'Invalid data submission.',
            ]
        );
        $response = $response->withStatus(500);

[chmst]

is the value of $secret unique across the sites?

Indeed, good idea. I changed the secret Key in one of the sites before first login and the message did not appear.