Actions
Bug #444
closedOwncould: documents shared by links are unavailable (not-admin logged users only)
Start date:
2015-02-26
Due date:
% Done:
100%
Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
MilkyPond
Security:
Help Needed:
Description
Owncould: documents shared by links are unavailable for 'logged-but-not-administrator' users, an error message is displayed:
Unable to generate a URL for the named route "ocsms.sms.index" as such route does not exist.Logs checked:
- /var/log/owncloud.log contains the error displayed to the end-user:
{"app":"remote","message":"Unable to generate a URL for the named route \"ocsms.sms.index\" as such route does not exist.","level":4,"time":"2015-02-26T00:13:12+00:00"}
- /var/log/apache2/milkypond/error.log
- /var/log/apache2/error.log
This backtrace is displayed when /etc/owncloud/config.php
contains define( "DEBUG", 1);
:
Unable to generate a URL for the named route "ocsms.sms.index" as such route does not exist. #0 /usr/share/owncloud/lib/private/route/router.php(258): Symfony\Component\Routing\Generator\UrlGenerator->generate('ocsms.sms.index', Array, false) #1 /usr/share/owncloud/lib/private/route/cachingrouter.php(39): OC\Route\Router->generate('ocsms.sms.index', Array, false) #2 /usr/share/owncloud/lib/private/urlgenerator.php(41): OC\Route\CachingRouter->generate('ocsms.sms.index', Array) #3 /usr/share/owncloud/lib/private/helper.php(44): OC\URLGenerator->linkToRoute('ocsms.sms.index', Array) #4 /usr/share/owncloud/lib/public/util.php(221): OC_Helper::linkToRoute('ocsms.sms.index', Array) #5 /usr/share/owncloud/apps/ocsms/appinfo/app.php(24): OCP\Util::linkToRoute('ocsms.sms.index') #6 /usr/share/owncloud/lib/private/app.php(113): require_once('/usr/share/ownc...') #7 /usr/share/owncloud/lib/private/app.php(95): OC_App::requireAppFile('ocsms') #8 /usr/share/owncloud/lib/private/app.php(75): OC_App::loadApp('ocsms') #9 /usr/share/owncloud/apps/files_sharing/public.php(5): OC_App::loadApps() #10 /usr/share/owncloud/public.php(46): require_once('/usr/share/ownc...') #11 {main}
Updated by Pierre-Louis Bonicoli over 8 years ago
- Subject changed from Owncould: documents shared by links are unavailable to Owncould: documents shared by links are unavailable (not-admin logged users only)
- Description updated (diff)
Updated by Pierre-Louis Bonicoli over 8 years ago
- Status changed from New to Resolved
- Assignee set to Pierre-Louis Bonicoli
- % Done changed from 0 to 100
Error is here: https://github.com/owncloud/core/blob/v7.0.5/lib/private/app.php#L224.
Workaround: don't restrict access of applications to some group.
Error is fixed in trunk, the fix isn't available for 8.0.0.
I researched quickly, it seems there is no security issue (GET and POST requests are checked).
#!/bin/bash data=$(cat <<DATA {} DATA ) # Test POST HOST=https://stuff.milkypond.org/index.php/apps/ocsms/push?format=json wget -O - --http-user=test --http-password=lolcoin --no-http-keep-alive --post-data="$data" \ --header="Content-Type: text/json" --no-check-certificate \ $HOST # Test GET HOST=https://stuff.milkypond.org/index.php/apps/ocsms/get/smsidlist?format=json wget -O - --http-user=test --http-password=lolcoin --no-http-keep-alive --no-check-certificate $HOST
Actions