Project

General

Profile

Bug #444

Owncould: documents shared by links are unavailable (not-admin logged users only)

Added by Pierre-Louis Bonicoli over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
Service :: Web
Start date:
2015-02-26
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
MilkyPond
Security:
Help Needed:

Description

Owncould: documents shared by links are unavailable for 'logged-but-not-administrator' users, an error message is displayed:

Unable to generate a URL for the named route "ocsms.sms.index" as such route does not exist.

Logs checked:
  • /var/log/owncloud.log contains the error displayed to the end-user:
    {"app":"remote","message":"Unable to generate a URL for the named route \"ocsms.sms.index\" as such route does not exist.","level":4,"time":"2015-02-26T00:13:12+00:00"}
    
  • /var/log/apache2/milkypond/error.log
  • /var/log/apache2/error.log

This backtrace is displayed when /etc/owncloud/config.php contains define( "DEBUG", 1);:

Unable to generate a URL for the named route "ocsms.sms.index" as such route does not exist.
#0 /usr/share/owncloud/lib/private/route/router.php(258): Symfony\Component\Routing\Generator\UrlGenerator->generate('ocsms.sms.index', Array, false)
#1 /usr/share/owncloud/lib/private/route/cachingrouter.php(39): OC\Route\Router->generate('ocsms.sms.index', Array, false)
#2 /usr/share/owncloud/lib/private/urlgenerator.php(41): OC\Route\CachingRouter->generate('ocsms.sms.index', Array)
#3 /usr/share/owncloud/lib/private/helper.php(44): OC\URLGenerator->linkToRoute('ocsms.sms.index', Array)
#4 /usr/share/owncloud/lib/public/util.php(221): OC_Helper::linkToRoute('ocsms.sms.index', Array)
#5 /usr/share/owncloud/apps/ocsms/appinfo/app.php(24): OCP\Util::linkToRoute('ocsms.sms.index')
#6 /usr/share/owncloud/lib/private/app.php(113): require_once('/usr/share/ownc...')
#7 /usr/share/owncloud/lib/private/app.php(95): OC_App::requireAppFile('ocsms')
#8 /usr/share/owncloud/lib/private/app.php(75): OC_App::loadApp('ocsms')
#9 /usr/share/owncloud/apps/files_sharing/public.php(5): OC_App::loadApps()
#10 /usr/share/owncloud/public.php(46): require_once('/usr/share/ownc...')
#11 {main}

History

#1

Updated by Pierre-Louis Bonicoli over 4 years ago

  • Subject changed from Owncould: documents shared by links are unavailable to Owncould: documents shared by links are unavailable (not-admin logged users only)
  • Description updated (diff)
#2

Updated by Pierre-Louis Bonicoli over 4 years ago

  • Status changed from New to Resolved
  • Assignee set to Pierre-Louis Bonicoli
  • % Done changed from 0 to 100

Error is here: https://github.com/owncloud/core/blob/v7.0.5/lib/private/app.php#L224.

Workaround: don't restrict access of applications to some group.

Error is fixed in trunk, the fix isn't available for 8.0.0.

I researched quickly, it seems there is no security issue (GET and POST requests are checked).

#!/bin/bash

data=$(cat <<DATA
{}
DATA
)

# Test POST
HOST=https://stuff.milkypond.org/index.php/apps/ocsms/push?format=json
wget -O - --http-user=test --http-password=lolcoin --no-http-keep-alive --post-data="$data" \
    --header="Content-Type: text/json" --no-check-certificate \
    $HOST 

# Test GET
HOST=https://stuff.milkypond.org/index.php/apps/ocsms/get/smsidlist?format=json
wget -O - --http-user=test --http-password=lolcoin --no-http-keep-alive --no-check-certificate $HOST

Also available in: Atom PDF