List: mapbender-users
Subject: Re: [Mapbender-users] Cannot change application security permissions after mapbender update
From: <david.patzke () wheregroup ! com>
Date: 2021-06-18 8:21:49
Message-ID: 00c201d7641a$fd759db0$f860d910$ () wheregroup ! com
Hi Joel,

you have two options. First, you could edit the file app_dev.php with a shell-based
editor like vi or nano and temporarily remove lines 12-18:

    if (isset($_SERVER['HTTP_CLIENT_IP'])
        || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
    ) {
        header('HTTP/1.0 403 Forbidden');
        exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
    }

Then you can open the dev controller from everywhere. Please be advised that this is
a huge security risk, because error pages in this mode will leak sensitive information!
So, you have to re-enable this security feature afterwards! The second option would be to
tunnel the HTTP port of your server to your local machine via SSH. Then you can open
the application from your machine.

Best regards David
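
The guard quoted above, restated as a function and run over constructed requests, shows why the SSH tunnel needs no change to app_dev.php: a forwarded connection reaches the web server from 127.0.0.1 and carries no proxy headers. This is an added example, not code from the thread or from Mapbender; the function name, the `$extraAllowed` parameter and every address are assumptions made for illustration.

```php
<?php
// Added illustration, not Mapbender or Symfony code. It restates the quoted
// app_dev.php guard as a function so its decision can be checked per request.

/**
 * Returns true when the guard would let the request through.
 * $extraAllowed is a hypothetical parameter for one temporary admin address,
 * a narrower change than deleting the whole block.
 */
function devAccessAllowed(array $server, array $extraAllowed = []): bool
{
    $allowed = array_merge(['127.0.0.1', 'fe80::1', '::1'], $extraAllowed);

    // A proxy header means REMOTE_ADDR is the proxy, not the real client,
    // so a request relayed by a local reverse proxy must not count as local.
    if (isset($server['HTTP_CLIENT_IP']) || isset($server['HTTP_X_FORWARDED_FOR'])) {
        return false;
    }

    return in_array($server['REMOTE_ADDR'] ?? '', $allowed, true);
}

// Constructed sample requests; all addresses come from documentation ranges.
// The SSH case assumes a forward such as: ssh -L 8080:localhost:80 user@server
// (placeholder host and ports), where sshd connects to the web server locally.
$requests = [
    'direct from the internet'         => ['REMOTE_ADDR' => '198.51.100.7'],
    'through an SSH port forward'      => ['REMOTE_ADDR' => '127.0.0.1'],
    'through a local reverse proxy'    => ['REMOTE_ADDR' => '127.0.0.1',
                                           'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'admin address, added temporarily' => ['REMOTE_ADDR' => '203.0.113.10'],
];

foreach ($requests as $label => $server) {
    $default  = devAccessAllowed($server) ? 'allowed' : '403';
    $extended = devAccessAllowed($server, ['203.0.113.10']) ? 'allowed' : '403';
    printf("%-34s default: %-8s with admin IP: %s\n", $label, $default, $extended);
}
```
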
From: Mapbender_users <mapbender_users-bounces@lists.osgeo.org> On behalf of Joel Blizzard
Sent: Thursday, June 17, 2021 11:38 PM
To: astrid.emde@wheregroup.com; Mapbender User List <mapbender_users@lists.osgeo.org>
Subject: Re: [Mapbender-users] Cannot change application security permissions after mapbender update
Did you try doing an install and then an upgrade?
php version is PHP 7.2.24-0ubuntu0.18.04.7
Unfortunately I cannot run dev mode, as this is running on a cloud hosted server that
I do not have a GUI on. Is there a way to run it from a system other than localhost?
I looked in the documentation and it says "Symfony offers a developer mode with lot
of information about your application (logging, exceptions, database queries, memory
usage, time and more). This mode is only available from localhost."
On Thu, Jun 17, 2021 at 1:07 AM Astrid Emde (WhereGroup) <astrid.emde@wheregroup.com> wrote:
Hello Joel,
I can not reproduce the error. Everything works fine at my installation.
Did you try the app_dev.php mode too?
What is your php version?
Astrid
On 2021-06-14 22:08, Joel Blizzard wrote:
> In upgrading from Mapbender 3.2.3 to 3.2.5 I no longer have the
> ability to adjust security settings on the applications I've created.
>
> So if I go into an application, and go to the "Security" tab, if I try
> to remove public access, or add a user to the list, or make any kind
> of change to existing permissions for an application, when I click
> Save, I get an internal 500 error.
>
> When I look at my logs on the server, I see this error:
>
> [php7:notice] [pid 4589] [client <IPaddress>:63695] PHP Notice:
> Undefined offset: 2 in
> /var/www/mapbender/vendor/symfony/security-acl/Dbal/MutableAclProvider.php
> on line 981
>
> That is referring to this section of MutableAclProvider.php:
> Line 981 is the one that says "$ace = $old[$i]"
>
> private function updateOldFieldAceProperty($name, array $changes)
> {
>     $currentIds = array();
>     foreach ($changes[1] as $field => $new) {
>         for ($i = 0, $c = count($new); $i < $c; ++$i) {
>             $ace = $new[$i];
>
>             if (null !== $ace->getId()) {
>                 $currentIds[$ace->getId()] = true;
>             }
>         }
>     }
>
>     foreach ($changes[0] as $old) {
>         for ($i = 0, $c = count($old); $i < $c; ++$i) {
>             $ace = $old[$i];
>
>             if (!isset($currentIds[$ace->getId()])) {
>                 $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
>                 unset($this->loadedAces[$ace->getId()]);
>             }
>         }
>     }
> }
>
> Can anyone assist me in figuring out what's gone wrong here?
>
> Thank you!
> _______________________________________________
> Mapbender_users mailing list
> Mapbender_users@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapbender_users
--
Kind regards
Astrid Emde
GIS-Consultant
*************************************************************************
Building spatial data infrastructures with open-source software
FOSS Academy 5-day compact course "Sommerschule 2021"
Register now: https://foss-academy.com/kompaktkurse/
*************************************************************************
Astrid Emde
WhereGroup GmbH
Eifelstraße 7
53119 Bonn
Germany
Phone: +49(0)228 90 90 38 - 22
Fax: +49(0)228 90 90 38 - 11
astrid.emde@wheregroup.com
www.wheregroup.com
You can download my PGP public key from pgp.mit.edu:
https://keys.openpgp.org/vks/v1/by-fingerprint/01F8152D36FC07C25EADDE86C5084ACC1C287CCB
Signed and/or encrypted messages are very welcome
Follow WhereGroup on Twitter:
http://twitter.com/WhereGroup_com
Managing directors:
Olaf Knopp, Peter Stamm
Amtsgericht Bonn, HRB 9885
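
The notice in the original report points at `$ace = $old[$i]` inside a `for` loop bounded by `count($old)`. The sketch below shows one way that line can yield "Undefined offset: 2": a list whose integer keys have a gap. It is an added example, not the symfony/security-acl code; the thread does not establish what the stored list looked like, so the gap, the `FakeAce` class and both function names are assumptions.

```php
<?php
// Added illustration, not the symfony/security-acl code. FakeAce and the
// sample list are constructed; the gap at index 2 is an assumption.

final class FakeAce
{
    private $id;
    public function __construct(int $id) { $this->id = $id; }
    public function getId(): int { return $this->id; }
}

/** Same walk as the quoted loop, but reports the holes instead of failing. */
function collectIdsByIndex(array $aces): array
{
    $ids = [];
    $missing = [];
    for ($i = 0, $c = count($aces); $i < $c; ++$i) {
        if (!array_key_exists($i, $aces)) {
            // The quoted code reads $old[$i] here: a notice, then a call on null.
            $missing[] = $i;
            continue;
        }
        $ids[] = $aces[$i]->getId();
    }
    return ['ids' => $ids, 'missing' => $missing];
}

/** Key-agnostic walk: visits every stored entry whatever its index. */
function collectIdsByForeach(array $aces): array
{
    $ids = [];
    foreach ($aces as $ace) {
        $ids[] = $ace->getId();
    }
    return $ids;
}

// Three entries under keys 0, 1 and 3: count() is 3, so the indexed loop
// asks for key 2, which does not exist, and never reaches key 3.
$old = [0 => new FakeAce(11), 1 => new FakeAce(12), 3 => new FakeAce(14)];

var_dump(collectIdsByIndex($old));
var_dump(collectIdsByForeach($old));
```
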