[sr #110988] (wishlist) more php warnings

2023-12-26 Thread Jing Luo
Follow-up Comment #6, sr#110988 (group administration):

Another one:

[Tue Dec 26 20:42:47.401643 2023] [proxy_fcgi:error] [pid 67929:tid
140014675506880] [remote 240b::] AH01071: Got error 'PHP message:
/usr/local/share/savane/frontend/php/include/sane.php:421: [E_WARNING]
foreach() argument must be of type array|object, string given
backtrace:
{

}
request params _SERVER: ['REQUEST_URI' => '/account/login.php',
'QUERY_STRING' => '',
'REQUEST_METHOD' => 'POST']
POST: ['uri' => '/',
'form_loginname' => 'drop_database',
'form_pw' => '+K$EEiU39v4SUL=',
'login' => 'Login',
'website' => 'http://']
',

And then a big one spamming error.log, referer: project/admin/useradmin.php,
trimming a part of the message:

[Sat Dec 23 15:46:01.483458 2023] [proxy_fcgi:error] [pid 17677:tid
140014725863104] [remote 240b::] AH01071: Got error '; PHP message:
/usr/local/share/savane/frontend/php/project/admin/userperms.php:621:
[E_WARNING] Trying to access array offset on value of type
null\nbacktrace:\n{\n/usr/local/share/savane/frontend/php/project/admin/userperms.php:721:print_group_posting_defaults('105',
Group Object\n(\n[error_state] => \n[error_message] => \n[data_array] => Array\n(\n[0] => 105\n
   [group_id] => 105\n[1] => savane testing 1\n   
[group_name] => savane testing 1\n[2] => 2\n[type] =>
2\n 
   [3] => 1\n[is_public] => 1\n[4] => A\n 
  [status] => A\n[5] => svtest1\n[unix_group_name] =>
svtest1\n[6] => 70001\n[gidNumber] => 70001\n 

  [7] => testing\n[short_description] => testing\n[8]
=> gplv3orlater\n[license] => gplv3orlater\n[9] =>
Test
1sssFDDDdddxs\n  

   ...; PHP message:
/usr/local/share/savane/frontend/php/project/admin/userperms.php:621:
[E_WARNING] Trying to access array offset on value of type
null\nbacktrace:\n{\n/usr/local/share/savane/frontend/php/project/admin/userperms.php:721:print_group_posting_defaults('105', Group Object\n(\n[error_state]
=> \n[error_message] => \n[data_array] => Array\n(\n  
 [0] => 105\n[group_id] => 105\n[1] => savane testing

1\n[group_name] => savane testing 1\n[2] => 2\n   
[type] => 2\n[3] => 1\n[is_public] => 1\n 
  [4] => A\n[status] => A\n[5] => svtest1\n  

 [unix_group_name] => svtest1\n[6] => 70001\n   
[gidNumber] => 70001\n[7] => testing\n   
[short_description] => testing\n[8] => gplv3orlater\n   
[license] => gplv3orlater\n 
   [9] => Test
1sssFDDDdddxs\n   
  ...; PHP message:
/usr/local/share/savane/frontend/php/project/admin/userperms.php:621:
[E_WARNING] Trying to access array offset on value of type
null\nbacktrace:\n{\n/usr/local/share/savane/frontend/php/project/admin/userperms.php:721:print_group_posting_defaults('105',
Group Object\n(\n[error_state] => \n[error_message] => \n   
[data_array] => Array\n(\n[0] => 105\n[group_id] => 105\n
[1] => savane testing 1\n[group_name] => savane testing 1\n   
[2] => 2\n[type] => 2\n[3] => 1\n   
[is_public] => 1\n[4] => A\n[status] => A\n[5]
=> svtest1\n[unix_group_name] => svtest1\n[6] =>
70001\n[gidNumber] => 70001\n[7] => testing\n 
[short_description] => testing\n[8] => gplv3orlater\n
[license] => gplv3orlater\n[9] => Test
1sssFDDDdddxs\n   
  ...;

Can this be avoided? I can see from the database there are lots of fields with
NULL.



___

Reply to this item at:

  

___
Message sent via Savannah
https://savannah.nongnu.org/




[sr #110993] Cvs.pm: bad cvs permission setup

2023-12-26 Thread Jing Luo
URL:
  

         Summary: Cvs.pm: bad cvs permission setup
           Group: Savannah Administration
       Submitter: jing
       Submitted: Tue 26 Dec 2023 10:00:52 PM JST
        Category: Savane
        Priority: 5 - Normal
        Severity: 5 - Blocker
          Status: None
     Assigned to: None
Originator Email: 
Operating System: None
     Open/Closed: Open
 Discussion Lock: Any


___

Follow-up Comments:


---
Date: Tue 26 Dec 2023 10:00:52 PM JST By: Jing Luo 
Hi,

Cvs.pm has one line in sub setup_cvs_permissions:

  # Seal CVSROOT dir; 2775 on the top dir allows group members
  # with local access to rename CVSROOT and replace it with
  # their own.
  system ('chmod', '-R', 'a-w', "$dir_cvs/CVSROOT/");

This will cause the CVSROOT to be read only, effectively cancelling all
previous permission setup. The symptom includes cvs history not writable when
committing:

> cvs commit: warning: cannot open history file `$dir_cvs/CVSROOT/history' for write: Permission denied

The comment mentions "2775 on the top dir allows group members with local
access to rename CVSROOT and replace it with their own", which is not true,
because we already have this in sub make_cvs_directory:

  # Make the CVSROOT ro for anybody; doing otherwise is a major security hole:
  # ancient versions of pserver, if ran as root, can be set to give root
  # access using the CVSROOT/passwd file; you also basically give local
  # access if you allow people to modify the hooks.
  system ('chown', '-R', 'root:root', "$dir_cvs/CVSROOT");
  system ('chmod', '755', "$dir_cvs/CVSROOT");

So, the solution would be to either delete the line "system ('chmod', '-R',
'a-w', "$dir_cvs/CVSROOT/");" completely, or remove the "-R" option.








___

Reply to this item at:

  

___
Message sent via Savannah
https://savannah.nongnu.org/
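
The effect described in sr #110993 can be reproduced in a scratch directory. The script below is an added example, not code from Savane or from the report: the `loginfo` hook file, the starting file modes and all helper names are assumptions, and the chown to root is left out so that it runs unprivileged.

```shell
#!/bin/sh
# Added example; layout, modes and helper names are constructed for the demo.

# has_bits PATH MODE: true when every permission bit in MODE is set on PATH.
has_bits() {
    [ -n "$(find "$1" -maxdepth 0 -perm "-$2" -print)" ]
}

# make_repo: build a scratch repository and print its path.
make_repo() {
    repo=$(mktemp -d) || return 1
    mkdir "$repo/CVSROOT"
    : > "$repo/CVSROOT/history"      # written by cvs on every commit
    : > "$repo/CVSROOT/loginfo"      # a hook file; must stay read-only
    chmod 2775 "$repo"
    chmod 664 "$repo/CVSROOT/history"
    chmod 644 "$repo/CVSROOT/loginfo"
    chmod 755 "$repo/CVSROOT"        # as in make_cvs_directory, minus the chown
    printf '%s\n' "$repo"
}

seal_recursive() { chmod -R a-w "$1/CVSROOT/"; }   # the line the report questions
seal_dir_only()  { chmod a-w "$1/CVSROOT/"; }      # the report's "-R removed" variant

# audit REPO: print ok, dir-writable, hook-writable or history-readonly.
audit() {
    if has_bits "$1/CVSROOT" 020 || has_bits "$1/CVSROOT" 002; then
        echo dir-writable
    elif has_bits "$1/CVSROOT/loginfo" 020 || has_bits "$1/CVSROOT/loginfo" 002; then
        echo hook-writable
    elif ! has_bits "$1/CVSROOT/history" 020; then
        echo history-readonly
    else
        echo ok
    fi
}

demo() {
    r=$(make_repo) || return 1
    echo "after make_repo:     $(audit "$r")"
    seal_dir_only "$r"
    echo "after chmod a-w:     $(audit "$r")"
    seal_recursive "$r"
    echo "after chmod -R a-w:  $(audit "$r")"
    chmod -R u+w "$r" && rm -rf "$r"
}
demo
```

The audit reads mode bits rather than testing writability, so it gives the same answer when run as root.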




[sr #110988] (wishlist) more php warnings

2023-12-26 Thread Jing Luo
Follow-up Comment #7, sr#110988 (group administration):

Another one:

AH01071: Got error 'PHP message:
/usr/local/share/savane/frontend/php/include/account.php:188: [E_DEPRECATED]
preg_match(): Passing null to parameter #2 ($subject) of type string is
deprecated
backtrace:
{
/usr/local/share/savane/frontend/php/project/admin/squadadmin.php:76:account_realname_valid()
}

PHP message: /usr/local/share/savane/frontend/php/include/account.php:193:
[E_DEPRECATED] strtr(): Passing null to parameter #1 ($string) of type string
is deprecated
backtrace:
{
/usr/local/share/savane/frontend/php/project/admin/squadadmin.php:77:account_sanitize_realname()
}

The real name in the database is "Unreal Test"; it should not have been NULL.






[sr #110994] savane.conf.php: missing $sys_vcs_dir

2023-12-26 Thread Jing Luo
URL:
  

         Summary: savane.conf.php: missing $sys_vcs_dir
           Group: Savannah Administration
       Submitter: jing
       Submitted: Tue 26 Dec 2023 10:43:38 PM JST
        Category: Savane
        Priority: 5 - Normal
        Severity: 3 - Normal
          Status: None
     Assigned to: None
Originator Email: 
Operating System: None
     Open/Closed: Open
 Discussion Lock: Any


___

Follow-up Comments:


---
Date: Tue 26 Dec 2023 10:43:38 PM JST By: Jing Luo 
Hi,

savane.conf.php is missing a variable which will cause "Use Git: Getting a
Copy of the Git Repository" to be blank.

$sys_vcs_dir = [
  "git" => [
    "dir" => "/srv/git",
    "clone-path" => "/srv/git",
  ],
];

Also, these two should probably be written to savane.conf.php:

$sys_savane_url = '//' . $sys_https_host . '/projects/administration';
$sys_savane_cgit = '//' . $sys_https_host . '/cgit/administration.git';







