# uname -a

Friday 15 March 2013

GetSimple: exotic char causes website crash

Input sanitizing while editing pages is not effective in GetSimple: invalid characters such as NULL or EOT corrupt the XML files and crash the CMS:

Warning: simplexml_load_string(): Entity: line 106: parser error : CData section not finished 

Here is a patch:

--- admin/inc/basic.php
+++ admin/inc/basic.php
@@ -654,8 +654,15 @@
     } else {
         $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
     }
-    $text = str_replace(chr(12), '', $text);
-    $text = str_replace(chr(3), ' ', $text);
+    $badchars = array();
+    for ($code = 0; $code < 32; $code++) {
+        $badchars[] = chr($code);
+    }
+    unset($badchars[13]);
+    unset($badchars[10]);
+    $text = str_replace($badchars, '', $text);
+    //$text = str_replace(chr(12), '', $text);
+    //$text = str_replace(chr(3), ' ', $text);
     return $text;
 }
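Review bot: the two unset() calls keep only CR (13) and LF (10), so TAB (chr(9)) is now stripped as well, although it is a legal XML 1.0 character and cannot cause the "CData section not finished" error; tab-indented page content will silently lose its indentation. Consider adding unset($badchars[9]); next to the other two. Note also that chr(3) was previously replaced by a space and is now deleted outright, which can join adjacent words, and that the two commented-out str_replace() lines should be removed rather than kept in the function.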
Note that it does not fix the already corrupted XML files; it only prevents new corrupted files from appearing.

Saturday 15 December 2012

UFW: ValueError: too many values to unpack

I was trying to use LXCs at home while using UFW.

I configured a network interface named ‘veth_something’, and to have the network bridge working I had to add a rule to UFW.

It didn’t like it:

  File "/usr/sbin/ufw", line 89, in <module>
    ui = ufw.frontend.UFWFrontend(pr.dryrun)
  File "/usr/lib/python2.7/dist-packages/ufw/frontend.py", line 155, in __init__
    self.backend = UFWBackendIptables(dryrun)
  File "/usr/lib/python2.7/dist-packages/ufw/backend_iptables.py", line 45, in __init__
    ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
  File "/usr/lib/python2.7/dist-packages/ufw/backend.py", line 53, in __init__
    self._read_rules()
  File "/usr/lib/python2.7/dist-packages/ufw/backend_iptables.py", line 630, in _read_rules
    (dtype, interface) = tmp[-1].split('_')
ValueError: too many values to unpack

As a consequence, I totally messed up my UFW rules, and UFW was crashing at startup.

I had to edit the rules stored in /lib/ufw/user.rules and /lib/ufw/user6.rules to fix the lines that contained the ‘_’.

Do not use a ‘_’ in interface names if you plan to add UFW rules on them.

Thursday 17 May 2012
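A pre-flight check for the failure above, as an added example (not code from UFW or from this post): it scans rule-file text for lines whose last token would break the two-value unpack shown in the traceback. The `### tuple ###` line layout and the sample lines are constructed assumptions, and `tolerant_split` is a hypothetical alternative, not UFW's actual fix.

```python
import sys

# Constructed sample (not from the post): the "### tuple ###" layout is an
# assumption; only the trailing "<direction>_<interface>" token matters here.
SAMPLE_RULES = """\
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_veth_something
### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0
"""


def strict_split(token):
    """Two-value unpack as in the traceback: raises unless exactly one '_'."""
    dtype, interface = token.split('_')
    return dtype, interface


def tolerant_split(token):
    """Hypothetical alternative: split on the first '_' only, so the
    interface name keeps its own underscores."""
    dtype, interface = token.split('_', 1)
    return dtype, interface


def find_breaking_lines(text, marker="### tuple ###"):
    """Return (line_number, token) for marker lines whose last token
    contains more than one '_' and would break strict_split()."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.startswith(marker):
            continue
        token = line.split()[-1]
        if token.count('_') > 1:
            hits.append((number, token))
    return hits


if __name__ == "__main__":
    # Pass rule files as arguments; with none, the constructed sample is used.
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"sample": SAMPLE_RULES}
    for name, text in texts.items():
        for number, token in find_breaking_lines(text):
            print(f"{name}:{number}: '{token}' -> {tolerant_split(token)}")
```

Run against the two rule files named above, it lists the lines to hand-edit before the firewall is restarted.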

Owncloud: could not calculate folder size

I recently installed Owncloud, and I already had some problems getting it to run.

I finally managed to make it run, but I ran into another problem today.

I tried to upload (with SSH, not with the web interface) my music collection, which is bigger than 2 GB, and I got the following error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[22003]: Numeric value out of range: 7 ERREUR:  la valeur « 2857678756 » est en dehors des limites du type integer' in /home/.../public_html/lib/db.php:527
Stack trace:
#0 /home/.../public_html/lib/db.php(527): PDOStatement->execute(Array)
#1 /home/.../public_html/lib/filestorage/local.php(326): PDOStatementWrapper->execute(Array)
#2 /home/.../public_html/lib/filestorage/local.php(295): OC_Filestorage_Local->calculateFolderSize('mathieu/files/M...')
#3 /home/.../public_html/lib/filestorage/local.php(47): OC_Filestorage_Local->getFolderSize('mathieu/files/M...')
#4 /home/.../public_html/lib/filesystem.php(573): OC_Filestorage_Local->filesize('mathieu/files/M...')
#5 /home/.../public_html/lib/filesystem.php(346): OC_Filesystem::basicOperation('filesize', '/Musique')
#6 /home/.../public_html/lib/files.php(54): OC_Filesystem::filesize('/Musique')
#7 /home/.../public_html/files/index.php(48): OC in /home/.../public_html/lib/db.php on line 527

It seemed that the Owncloud developers hadn’t thought about the weird guy who had more than 2 GB of music. I changed the type of the column from integer to bigint in the PostgreSQL database (I had configured Owncloud with PostgreSQL), and the problem vanished:

ALTER TABLE foldersize ALTER size TYPE bigint ;

I hope it will help those who are stuck with this problem. I will also check if the problem is a known bug, and if it is not, I will declare it in the Owncloud bug tracker.

Thinking about it, maybe the “reasonable” solution would be to change the value to an “unsigned int”, but it will limit the folder size to 4 GB, and the problem could appear again.

EDIT: it is a known and fixed bug (in the next version): http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-296

Thursday 10 May 2012

Owncloud: fresh install redirects https to http and cannot login

I have just installed the 3.0.3 version of Owncloud on a test server, to see if I can use it to “cloudify” some of my files, and I ran into an error that was not documented. After unsuccessful searches, I looked into the code and I finally figured out what was wrong.

When I tried to log in, or, once logged in, when I tried to modify any of the parameters in the web interface, the action failed silently, and the Apache logs showed 302 redirections from the page I was trying to access via POST to another page.

Actually Owncloud uses the superglobal $_SERVER['HTTPS'] to guess if HTTPS is enabled. And on my webserver, maybe because I use suPHP and CGI, $_SERVER['HTTPS'] was empty. So when Owncloud tried to check the referer for my POST request, it failed because it considered it was running with HTTP.

Fortunately, there is a simple workaround, as explained here: http://stackoverflow.com/a/6426731.

The key is to add the directive “SetEnv HTTPS On” in the VirtualHost that is supposed to provide HTTPS, so that PHP can give the application the right information about SSL support.

I hope it will help those who are stuck with this error.

 

Update: I saw that this post has been referenced by a defect on the Owncloud bug tracker. In my opinion the SSL problem described here is the same as in the defect, and it’s not an Owncloud bug, it’s an Apache and/or PHP miscomprehension and/or misconfiguration problem that leads it to not give the right information to PHP.

I thought it was a bug, but thinking about how Owncloud handles the SSL information, and thinking about the possible reverse-proxy architecture, it is probably not. Using $_SERVER['HTTPS'] is the right way to do it; Apache should be aware of SSL and give the information to PHP.

Maybe it’s a bad handling of CGI in my Debian and/or Apache and/or suPHP version.

Saturday 26 November 2011

Git push origin master: error 22

A quick note for those who, like me, followed the advice and examples on the Internet to set up a Git server with WebDAV: you should know that, just as with Subversion, the WebDAV server is not too fond of outlandish protocols (https, what an idea!), and that you have to gently tell it to do protocol substitution, to calm it down.

In short, since I searched for three hours, here is the solution to this error 22: you have to tell Apache to replace https with http when it hands the request over to WebDAV.

RequestHeader edit Destination ^https http early

In principle this changes nothing about the connection being encrypted; it just calms the WebDAV module behind it so that it can find its bearings. Another little trick, to prevent a slightly dumb client from switching to http because it did not understand:

SetEnv redirect-carefully 1

And as a world exclusive, here is my configuration, in case it is useful to you:

For Subversion:

        SetEnv redirect-carefully 1
        RequestHeader edit Destination ^https http early
        <Directory /path/to/repos/>
                AllowOverride None
                Options Indexes
                Order allow,deny
                Allow from all
        </Directory>

        <Location /repos>
                DAV svn
                SVNPath /path/to/repos/
                SetEnv redirect-carefully 1

                AuthType Basic
                Authname "Subversion repository"
                AuthUserFile /path/to/passwd
                AuthzSVNAccessFile /path/to/authz

                # Repository readable without authentication
                <LimitExcept GET PROPFIND OPTIONS REPORT>
                        Require valid-user
                </LimitExcept>
        </Location>

For Git:

        SetEnv redirect-carefully 1
        RequestHeader edit Destination ^https http early

        Alias /repos /path/to/repos

        <Directory /path/to/repos>
                AllowOverride None
                Options Indexes MultiViews
                Order allow,deny
                Allow from all
        </Directory>

        <Location /repos>
                DAV on
                SetEnv redirect-carefully 1

                AuthType Basic
                Authname "Git repository"
                AuthUserFile /path/to/repos

                # Yes, normally group management for read/write would be needed here, but oh well...
                #<LimitExcept GET PROPFIND OPTIONS REPORT>
                        Require valid-user
                #</LimitExcept>
        </Location>
