cvs -d :ext:cvs@midas.psi.ch:/usr/local/cvsroot checkout mxml

I downloaded the source code from the git repository which contained the new fix that was made for the missing username-crash error. I tried compiling the elogd.c file using a GCC compiler and it gave an error about missing header files. It first gave an error about netdb.h file and when I commented that header file call, it gave further errors for other header files. I do not really understand why it gives an error about that.  

dear stefan

I have a problem how to bring up the menu page menu elog download?
thank you

yes I mean functionally of elog or how to download files at elog?

I can confirm this issue exists on version 3.1.3, which I have installed elog on Debian 10.

The issue also exists on version 3.14 (1.20190113git283534d97d5a.el7), which I tested on an AmazonLinux EC2 instance.

This is what I found:

1. if I leave out the extension at the end of the URL for a non-existent page, it gives me the red error box. So far so good... Example: /gibberish

2. if I include any random extension at the end of the URL for a non-existent page, it gives me the red error box. So far so good... Example: /gibberish.php or /gibberish.htm or /gibberish.asdfasd

3. if I include any .html extension specifically at the end of the URL for a non-existent page, elog exposes the path /usr/share/elog/themes/default/gibberish.html. This is a bug... Example: /gibberish.html exposes the path, and likewise, /.gibberish.html ( "dot" + gibberish) exposes the path

4. if I include a valid, existent .html file which is located in the directory /usr/share/elog/themes/default/, and call it, elog exposes the html document. Example: I created an html file called gibberish.html (containing <html><body><p>Hello world</p></body></html>) in my system's /usr/share/elog/themes/default/ directory. After navigating back to the /gibberish.html URL, I was presented with the HTML file.

Turning on -v (verbose mode), the response by elogd when accessing these are: "GET /elog/gibberish.html HTTP/1.0 Returned 605 bytes" (displays "Hello world" html file), and "GET /elog/gibberish.asdfasd HTTP/1.0 Returned 605 bytes" (displays red error box).

=====

My guess: the program seems to be caring about the files ONLY if they have html file extension. Please see the screenshots below.

====

What are the security implications? Not much, I think. From what I can tell, exposing the "/usr/share/themes/elog" path, and also exposing the elog version when the file does not exist. Hope this reply helps anyone else with the same question.

(I am sure the error exposing the version can be removed by editing the source code--this is probably beyond my capabilities at this point).

hi sirs,

am using freebsd, this morning i started elog and did a few record with no problem.

just this afternoon when i enter firefox3 http://localhost:8000/, i got zero number of records for all of my logbooks.

but the data are not erased though.

any idea would be appreciated.

regards,

jotawski

Hi,

I have set up my elog for testing and setup postfix to be able to send email notification for register of new user but whatever i try elog cannot set email. I try to sent test email in my bash and this is working without problem to my gmail account.

I have tried several configuration for my smtp client on my centos 7 but nothing is working in elog for the email. I also tried with several other email but no change either.

Is there a problem with the automatic sending of email ? 

Best

Pierre