Thanks !

Sometime I need to edit multiple values to add a new choice.
By exemple, if I add a new column "status" (open, closed...) , it's mandatory to use select menu to add the new value to existent entries.

With a lot of lines it's not possible to edit one by one.

The elog downloads page is slightly out of date, https://elog.psi.ch/elog/download.html

1) the "git clone" instructions work (but there is no git tags corresponding to different releases, I suggest adding test: "elog developers 
recommend always using latest version from elog git repository").

2) "elog source code", recommends downloading tar file, but latest tar file is from February 2023, probably out of date. people who can compile elog 
from sources can do "git clone", is the "tar" method still relevant?

3) windows binaries, latest available is from 2018, before the famous security fixes, probably no longer safe for running on the open internet. I 
suggest we remove this section and say "sorry, windows binaries no longer available".

4) linux binaries, all links are dead, and we have requested removal of elog packages from red hat, debian and ubuntu. (and they have been removed).

K.O.

Our elog instance (elogd 3.1.4 built Jan 13 2021, 20:44:20 revision ce2a48e9) has been running for years without any problems.

We have a new user who consistently crashes the elog:

GET /Omicron-STM-XPS/?rsort=Record%20date HTTP/1.1
Host: elog.fhi-berlin.mpg.de:4821
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-gpc: 1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Referer: https://elog.fhi-berlin.mpg.de/elog/isc/Omicron-STM-XPS/
Accept-Encoding: gzip, deflate, br
Accept-Language: el-GR,el;q=0.9,en;q=0.8
Cookie: ufnm=Sotirios Tsatsos; urem=1; elmode=full; elattach=1; sid=CD2B04E2C3F02EA4; googtrans=/en/en; amp_6e403e=aWS6RQd5UjGctj5Ym_cDzA.c2Fsdm9fc290b2thaXRlbkB5YWhvby5jb20=..1hajnscc0.1hajnscc0.0.ac.ac
X-Forwarded-For: 141.14.151.26
X-Forwarded-Host: elog.fhi-berlin.mpg.de
X-Forwarded-Server: elog.fhi-berlin.mpg.de
Connection: Keep-Alive

Received unknown cookie "googtrans"
Received unknown cookie "amp_6e403e"
*** buffer overflow detected ***: terminated
Abort (core dumped)

Thanks for the reminder, I updated the download instructions.

The server is crached because the author field was accidentally filled with a long string due to an automated (remote) script:

“
Author: The ion getter pump has successfully recovered and appears to be operating steadily once more. Consequently, I proceeded with sputtering to obtain an XPS survey scan of the Au sample.  Initially, the stability of the X-ray function was compromised, leading to multiple interruptions. Subsequently, an unexplained issue arose regarding the collection of counts on the channeltron detector. Additionally, the emission current exhibited fluctuations. Fortunately, it seems that we have addressed and resolved the previous issues.  In the image below, two XPS survey spectra are presented. The spectrum highlighted with a red line corresponds to the AlKa source, which was selected using the AlKa button. Conversely, the spectrum with a black line represents the MgKa source. In both cases, the energy configuration was set to 1486.7 eV. It's worth noting that the 1050 eV peak in both spectra corresponds to the Au4f state, with an energy displacement of 961.7 eV due to X-ray ghost lines caused by O contamination (84+961.7). It has come to my attention that the Mg source appears to have oxidized, a phenomenon we've observed before.  Moreover, it's important to highlight that the difference between the peaks in the low binding energy region is approximately 100 eV, not the expected 233 eV (considering the energy difference between magnesium and aluminum). This observation holds true for both cases where the same energy setting was used. Additionally, the energy of the Au4f peakSotirios Tsatso
“

Instead of just "Sotirios Tsatso". 

So it had nothing to do with the cookies etc.. But when the item created in this way was called up, the system crashed:

[248459.853246] elogd_misc[8407]: segfault at 561725164a4e ip 00007f8210c02854 sp 00007ffdcb92b338 error 4 in libc-2.31.so[7f8210a99000+178000]
[248459.853251] Code: 7f 07 c5 fe 7f 4f 20 c5 fe 7f 54 17 e0 c5 fe 7f 5c 17 c0 c5 f8 77 c3 48 39 f7 0f 87 ab 00 00 00 0f 84 e5 fe ff ff c5 fe 6f 26 <c5> fe 6f 6c 16 e0 c5 fe 6f 74 16 c0 c5 fe 6f 7c 16 a0 c5 7e 6f 44

Hi all,

I am using the Apache webserver authentication and redirection over http (not https). I have configured it 1:1 as described in the Adminguide. In the elog.cfg I set Authentication = Webserver.

All works fine; the webserver requests an authentication and elog recognizes me correctly.
However, when I close and reopen the browser and log in as a different user, elog does not change the user (tested with Firefox and Edge).
I can only change the user if I use a different browser or restart the elogd (reload is not enough).
The X-Forwarded-User header is set to the correct username - I have checked it with a CustomLog in Apache.

Best regards,
Frank

I found the reason of the bug:
In line 27441 of elogd.cxx the http_user is overwritten by the user saved in the sid_ array as a sideeffect of the sid_check function:
sid_check(getparam("sid"), http_user)

It can solved by changing elogd.cxx @ line 27441

27441c27441,27446
<          if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
---
>          i=sid_check(getparam("sid"), thumb_name);
>          if (i && strcmp(http_user,thumb_name)!=0) {  /* user changed */
>             sid_remove(getparam("sid"));
>             i=FALSE;
>          }
>          if (!i) { /*  if we don't have a sid yet, set it */

Remark: I have used the variables i & thumb_name of the function in a local context.

> "file not found" should return http code 404. elogd returns code 200 together
> with a page containing text "404 not found". This pollutes the browser cache
> with wrong content (in this case, we are trying to load a css file, and the browser
> is trying to use text "404 not found" as if it were a css. bad. file not found
> should return http code 404. K.O.

Yes. That's quite a problem when interacting with ELOG programmatically. Only way to 
find whether response succeeded or failed with 404 is to parse response body

When file is not found send_file_direct calls show_html_header which in turn calls 
show_http_header which sets HTTP code 200 unconditionally. It's reasonably easy to 
patch around.