Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 381 of 808  Not logged in ELOG logo
 Find |  Login |  Help 
New entries since:Thu Jan 1 01:00:00 1970
 Full | Summary | Threaded | Hide attachments  Show all entries    6457 Entries 
Goto page Previous  1, 2, 3 ... 380, 381, 382 ... 806, 807, 808   Next  
ID Date Icon Authordown Author Email Category OS ELOG Version Subject
  69302   Thu Feb 18 12:06:12 2021 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4-2Re: elog server go to high CPU and hangs
Usually a restart of the elogd server helps. If the problem persists, one of the logbooks might be corrupt. Try to disable one logbook at a time to figure out which one it is. Then 
remove that one and set it up freshly.

Stefan
  69304   Fri Feb 19 08:35:53 2021 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux3.1.4Re: export/archive a logbook

Find -> Export to: CSV (or any other format) -> Search

Jacky Li wrote:

Hi,

I have an elogd server serves many logbooks.  May I know what is a good way to export or achive one its logbooks?  Thank you.

Jacky

 

  69305   Fri Feb 19 09:59:04 2021 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4Re: Path disclosure on unfound file

I made a new RPM: https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-3.el7.x86_64.rpm

Gabriel Lopez wrote:

Hello, This is coming up as a high vulnerability in our scans. Are there plans to update the rpm for this fix? If so is there an ETA? Any update would be much appreciated. Currently running elog-3.1.4-2 

Stefan Ritt wrote:

Ok, I fixed the code in the current commit (395e101add19f0fe8a11a25d0822e511f34d94d1). The path gets stripped, and we see a

prinnydood wrote:

I can confirm this issue exists on version 3.1.3, which I have installed elog on Debian 10.

The issue also exists on version 3.14 (1.20190113git283534d97d5a.el7), which I tested on an AmazonLinux EC2 instance.

This is what I found:

1. if I leave out the extension at the end of the URL for a non-existent page, it gives me the red error box. So far so good... Example: /gibberish

2. if I include any random extension at the end of the URL for a non-existent page, it gives me the red error box. So far so good... Example: /gibberish.php or /gibberish.htm or /gibberish.asdfasd

3. if I include any .html extension specifically at the end of the URL for a non-existent page, elog exposes the path /usr/share/elog/themes/default/gibberish.html. This is a bug... Example: /gibberish.html exposes the path, and likewise, /.gibberish.html ( "dot" + gibberish) exposes the path

4. if I include a valid, existent .html file which is located in the directory /usr/share/elog/themes/default/, and call it, elog exposes the html document. Example: I created an html file called gibberish.html (containing <html><body><p>Hello world</p></body></html>) in my system's /usr/share/elog/themes/default/ directory. After navigating back to the /gibberish.html URL, I was presented with the HTML file.

Turning on -v (verbose mode), the response by elogd when accessing these are: "GET /elog/gibberish.html HTTP/1.0 Returned 605 bytes" (displays "Hello world" html file), and "GET /elog/gibberish.asdfasd HTTP/1.0 Returned 605 bytes" (displays red error box).

=====

My guess: the program seems to be caring about the files ONLY if they have html file extension. Please see the screenshots below.

====

What are the security implications? Not much, I think. From what I can tell, exposing the "/usr/share/themes/elog" path, and also exposing the elog version when the file does not exist. Hope this reply helps anyone else with the same question.

(I am sure the error exposing the version can be removed by editing the source code--this is probably beyond my capabilities at this point).

 

 

 

  69316   Wed Mar 10 17:30:23 2021 Reply Stefan Rittdo stefan.ritt@psi.chQuestionLinuxV3.1.4-80633baRe: Date conversion

Do you actually need to convert the date into the internal format? Why not keeping simply the full string YYYY-MM-DD HH:MM. If the use is disciplined enough to always use the correct format, there should be no issue. I invented the datetime format to "force" all date/time inputs to have the correct format. If you have a proper YYYY-MM-DD HH:MM format, even sorting (now by string) should work correctly.

Martin Neumann wrote:

Hi,

I am trying to figure out how ELOG works and I have a problem.

I have one datetime attribute, where I want the user to be able to enter the time in ISO8601 format (YYYY-MM-DD HH:MM) instead of the buttons.

How do I manage that this input is converted correctly into the internal format?

I tried adding a hidden locked Attribute called IntDate and use "Subst IntDate = $start" but the result is dates in 1970, even though I have set the Time Format to "%F %H:%M"

 

  69319   Mon Mar 22 15:10:12 2021 Reply Stefan Rittstefan.ritt@psi.chRequestLinux | AllV3.1.4Re: Request: make $text available for "subst"

$text is the full body text and can go over many lines. Since attributes are restricted to single lines, it's not possible to substitute them with the body text.

Stefan

Andreas Luedeke wrote:

Hi Stefan,

I've just tried to read the $text with subst into another field and failed.
It looks like $text is only available for the execution of shell scripts in the "execute new|edit|delete = <script>" command.

Could that be added? I can think of a multitude of applications:

  • In my case I want to fill an attribute X either with free text or generated from other fields. The list view will show just X and not how it was generated.
  • I could fill an attribute automatically with the character length of the text.
  • I could parse the text in a shell script and set other attributes according to the content.

Thank you for considering it.

Cheers, Andreas

 

  69323   Wed Mar 24 10:01:34 2021 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux3.14Re: automatically obtain entry ID from search

You would have to do that on the scrip level. Use "curl" to search a logbook. Like following URL would search for all entries in this forum where you are the authoer, then return the entries in CSV format:

https://elog.psi.ch/elogs/Forum/?mode=CSV1&Author=k%F6rner

Then you can parese this CSV file and extract the entry ID, which you can pass to the elog client to submit a new entry to the other logbook.

Stefan

Chris Körner wrote:

Hi,

in our application I want to have, let's say in the simplest case, two logbooks. One as a database of samples we fabricated and one as a logbook for measurements. When a measurement on a sample is done and an entry is submitted to the 2nd logbook, I want to automatically edit or reply to the corresponding entry in the 1st logbook. For example I want to append a line in the free text field to have a full log of what happened to a sample there. We reference our samples with a unique auto-generated ID in both logbooks. Is is somehow possible to search the 1st logbook for that ID or any other attribute and obtain the elog entry ID since the elog client will need that ID for editing an entry?

 

  69324   Wed Mar 24 10:06:26 2021 Reply Stefan Rittstefan.ritt@psi.chRequestLinux | AllV3.1.4Re: Request: make $text available for "subst"

Sure, attributes can be shown multi-line, but they cannot be stored in the elog internal database. The database is a very old design and only allows for single line attributes. Just look at a YYMMDDa.log file and you will see that. I would have to change the database format to somethign more advanced like XML, but that would take me a couple of weeks or months.

Soooorrryy! ;-)

Andreas Luedeke wrote:

While the input widget of text attributes is a single line, they can easily be multi-line in the display - when you use HTML at least.
And of course the user can parse the text field and generate a single line, if he wants to.
If you leave it to me, I'll create wonderful applications to that feature :-)

Please? ;-)

Stefan Ritt wrote:

$text is the full body text and can go over many lines. Since attributes are restricted to single lines, it's not possible to substitute them with the body text.

Stefan

Andreas Luedeke wrote:

Hi Stefan,

I've just tried to read the $text with subst into another field and failed.
It looks like $text is only available for the execution of shell scripts in the "execute new|edit|delete = <script>" command.

Could that be added? I can think of a multitude of applications:

  • In my case I want to fill an attribute X either with free text or generated from other fields. The list view will show just X and not how it was generated.
  • I could fill an attribute automatically with the character length of the text.
  • I could parse the text in a shell script and set other attributes according to the content.

Thank you for considering it.

Cheers, Andreas

 

 

 

  69327   Wed Mar 24 16:25:36 2021 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux3.1.3-1-1Re: Pre-fill Attribute with last entry

Nope, there is no way to acces the last value of an attribute. Sorry.

Stefan

Dominic Schneider wrote:

Hi all together,

I struggle a lot with the following problem:
I try to prefill certain attributes with the value of exactly the same attribute in the last entry made in the same logbook.

I know I have to go with Preset, tried a view hours and searched the forum but i didn't find a thing. Am I overlooking a flag, an option or whatever, or is there just not such a functionality (which I dont believe)?

I thought about:
Preset Test_Attribute = $Test_attribute
Preset Test_Attribute = Re:$Test_attribute
Preset Test_Attribute = $shell(Command to somehow get last entry and this attributes value)
Not succesful though.

I would be very thankful for help, thanks in advance.

 

Goto page Previous  1, 2, 3 ... 380, 381, 382 ... 806, 807, 808   Next  
ELOG V3.1.5-3fb85fa6