| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
1608
|
Thu Jan 19 10:31:05 2006 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.6 | Re: Buffer Overflow? |
| Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
|
1615
|
Fri Jan 20 02:53:40 2006 |
 | Chris Warner | christopher_warner@dcd.uscourts.gov | Comment | Linux | 2.6 | Re: Buffer Overflow? |
| Stefan Ritt wrote: |
| Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Thanks for the quick response! |
|
408
|
Thu Jul 24 15:10:14 2003 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | Windows | 2.3.9 | Re: Bottom text = <file> not displayed in every screen? | > I tried to add a file with the "Bottom text = <file>" option.
>
> Although one would suggest that the bottom text file is included in every
> page, I only saw the file appear in the page that appears when you issue
> the "cmd=Edit" command.
That's really weired. The file is displayed at the bottom of single messages,
and the message list, but NOT at the form, which you reach with the "Edit"
command. So all I can suggest ist the following:
- Hit the reload button on your browser each time you change that file, to
make sure the browser does not display a page from its cache
- The HTML file is *included* in the normal page, so it should not contain
<HTML> or <BODY> tags. Start with a simple file containing something like
<center>Test</center>
and see what you get.
- Make sure the file is in the elog "resource" directory, which gets
displayed if you start elogd with the "-v" flag.
Let me know if any of this helped. |
|
2303
|
Fri Aug 3 16:00:42 2007 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | 2.6.5-1903 | Re: Boolean |
| Grant Jeffcote wrote: | | I've noticed in the latest release when using the 'Find' page that any boolean expression (tick box) is now shown as '0,1 or unspecified'. Is this intentional? My colleagues are finding it hard to get their heads around what to choose and preferred the old 'Tick Box' option. Have there been changes to the configuration arguments used for Boolean that I've missed? |
Well, maybe you didn't realize, but searching for boolean attributes never really worked. If you want to search for entries where a boolean is true (or 1), then you could check the tick box in the past. But if you wanted to search for all entries were an attribute was false (not true) you could not do it, because the system assumed you are not interested in an attribute if the tick box was not checked. With the new way, you could either specify 'unspecified' meaning you are not filtering on this attribute, or you can explicitly specify '0', to look for entries where the attribute is false. The best would be to have a three-state tick box, which can be on/off/grayed. Under Windows API this does exist, but not in HTML. So I had to go with the three radio buttons.
Now one could argue how to name boolean states. There are several options:
- 0 / 1
- no / yes
- false / true
- off /on
I have chosen the first one, but that's kind of arbitrary. If the community believes that another one is better, I'm willing to change. |
|
2304
|
Fri Aug 3 17:03:46 2007 |
| Grant Jeffcote | grant@jeffcote.org | Question | Windows | 2.6.5-1903 | Re: Boolean |
| Stefan Ritt wrote: |
| Grant Jeffcote wrote: | | I've noticed in the latest release when using the 'Find' page that any boolean expression (tick box) is now shown as '0,1 or unspecified'. Is this intentional? My colleagues are finding it hard to get their heads around what to choose and preferred the old 'Tick Box' option. Have there been changes to the configuration arguments used for Boolean that I've missed? |
Well, maybe you didn't realize, but searching for boolean attributes never really worked. If you want to search for entries where a boolean is true (or 1), then you could check the tick box in the past. But if you wanted to search for all entries were an attribute was false (not true) you could not do it, because the system assumed you are not interested in an attribute if the tick box was not checked. With the new way, you could either specify 'unspecified' meaning you are not filtering on this attribute, or you can explicitly specify '0', to look for entries where the attribute is false. The best would be to have a three-state tick box, which can be on/off/grayed. Under Windows API this does exist, but not in HTML. So I had to go with the three radio buttons.
Now one could argue how to name boolean states. There are several options:
- 0 / 1
- no / yes
- false / true
- off /on
I have chosen the first one, but that's kind of arbitrary. If the community believes that another one is better, I'm willing to change. |
Stefan
Thanks for the great explanation.
What are the chances of having a choice of the four options (as mentioned in your list) somehow so that when boolean-x is used (for example) in the configuration file the applicable option text is shown in the 'Find' page?
ie.
boolean-x = 0/1
boolean-y = no / yes
boolean-z = false / true
etc.
A long shot perhaps but don't know until you ask? 
Thanks |
|
2305
|
Fri Aug 3 17:05:56 2007 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | 2.6.5-1903 | Re: Boolean |
| Grant Jeffcote wrote: | | What are the chances of having a choice of the four options (as mentioned in your list) somehow so that when boolean-x is used (for example) in the configuration file the applicable option text is shown in the 'Find' page? |
If several people will ask for it, I will put it in. |
|
69418
|
Sun Nov 21 23:49:42 2021 |
| Sebastian Schenk | sebastian.schenk@physik.uni-halle.de | Question | Linux | 3.1.2 | Re: Body of new messages not getting saved when submitted | Hello Harry,
the elog server (elogd) is a standalone application written in C and contains a full webserver and logfile management system.
There are no other dependencies to apache or python.
You can use a webserver like apache or nginx in combination with elog to act as a proxy,
e.g. to handle the encryption part of the communication between your web browser and the elogd, but you don't need to.
Regarding the first part of your message:
The elog server worked normally; entries (including the text body) got saved correctly until the last update?
The only thing in your list of updates, I can think of making this problem could be the update of ckeditor as it is the text editor used by elog.
The other packages should not be related to elog... but I am not a package maintainer.
I compiled elog from source and it brings the necessary files with it.
Best wishes,
Sebastian
| Harry Martin wrote: |
|
I've been using elog for a few years now. I've had the current setup working for me up until today.
If I create a new message (entry, whatever they are called), or if I attempt to update an existing message, only the header information is saved. The body (the part I can see in the editor) does not get saved.
Yesterday, I did do some updates on the server machine. Among them was an update to apache2, but I am not using apache2 (I can disable apache2, and elogd continues serving elog on client machines). Also updated were several python3 packages; I ran into a compatibility problem with python3 with a different package, so I wonder if that could have some impact for elog also. About 50 packages were updated altogether.
Here are the packages that were updated yesterday (in case this is of interest to solving the issue):
[...]
This is a devuan ascii server only for clients on a local area network.
|
|
|
69419
|
Mon Nov 22 00:44:21 2021 |
| Harry Martin | harrymartin772@gmail.com | Question | Linux | 3.1.2 | Re: Body of new messages not getting saved when submitted | Thank you for your quick response, Sebastion. The new version of ckeditor is 4.5.7 -- is this version compatible with elog 3.1.2? It is possible that I am using an outdated elog or outdated ckeditor due to the fact that this server is a bit old; I am looking to upgrade this machine soon, but I have several other issues to resolve first.
| Sebastian Schenk wrote: |
|
Hello Harry,
the elog server (elogd) is a standalone application written in C and contains a full webserver and logfile management system.
There are no other dependencies to apache or python.
You can use a webserver like apache or nginx in combination with elog to act as a proxy,
e.g. to handle the encryption part of the communication between your web browser and the elogd, but you don't need to.
Regarding the first part of your message:
The elog server worked normally; entries (including the text body) got saved correctly until the last update?
The only thing in your list of updates, I can think of making this problem could be the update of ckeditor as it is the text editor used by elog.
The other packages should not be related to elog... but I am not a package maintainer.
I compiled elog from source and it brings the necessary files with it.
Best wishes,
Sebastian
| Harry Martin wrote: |
|
I've been using elog for a few years now. I've had the current setup working for me up until today.
If I create a new message (entry, whatever they are called), or if I attempt to update an existing message, only the header information is saved. The body (the part I can see in the editor) does not get saved.
Yesterday, I did do some updates on the server machine. Among them was an update to apache2, but I am not using apache2 (I can disable apache2, and elogd continues serving elog on client machines). Also updated were several python3 packages; I ran into a compatibility problem with python3 with a different package, so I wonder if that could have some impact for elog also. About 50 packages were updated altogether.
Here are the packages that were updated yesterday (in case this is of interest to solving the issue):
[...]
This is a devuan ascii server only for clients on a local area network.
|
|
|
|