List Info

Thread: BUG (not urgent): runtime error when editing an openly editable non-text media resource of another u
BUG (not urgent): runtime error when editing an openly editable non-text media resource of another u
user name
 2007-05-19 17:34:06 
hi samizdat-devel,

Here's a bug which in principle should be corrected, though
it's only likely
to annoy users once there is a sufficient number of users
who both like
wiki culture for text but also wish to openly edit others'
non-text media.

http
s://savannah.nongnu.org/bugs/index.php?19909

cheers
boud




SUMMARY:
If a user tries to replace a non-text media resource created
by another
user as an openly editable resource, then a runtime error
occurs. This
can either be two different users with logins, or the first
user may be
guest (the anonymous user).

VERSION:
0.6.0.20070509


DESCRIPTION:

1. guest publishes a .png file with status open for editing

-> resource 3098
guest/3098.png created

2. registered user logs in

3. user tries to replace 3098 with a new upload of a .png
file 
- preview is OK

two files now exist in content/ :
user/upload.png  # new file
guest/3098.png   # old file

4. confirm
- runtime error occurs after confirm:

Samizdat: No such file or directory -
/var/www/samizdat/content/guest/upload.png or
/var/www/samizdat/content/guest/3098.png
Exception: Errno::ENOENT
Error ID: 0c908e3c0b5c82f3bd1bd998eeac8f71
CGI parameters:
{"confirm"=>["Confirm"],
"rating"=>[""],
"format"=>["image/png"],
"title"=>["guest publishes an
image"], "body"=>[""],
"focus"=>[""],
"action"=>[""],
"upload"=>["true"],
"desc"=>[""],
"lang"=>["en"],
"action_token"=>["b9486d36bb6628f97ffb7719
40415572"], "open"=>["true"]}
Backtrace:
/usr/lib/ruby/1.8/samizdat/models/content.rb:150:in
`rename'
/usr/lib/ruby/1.8/samizdat/models/content.rb:150:in
`move_upload'
/usr/lib/ruby/1.8/samizdat/controllers/message_controller.rb
:168:in `edit'
/usr/lib/ruby/1.8/samizdat/controllers/message_controller.rb
:165:in `save'
/usr/lib/ruby/1.8/samizdat/controllers/message_controller.rb
:408:in `transaction'
/usr/lib/ruby/1.8/samizdat/controllers/message_controller.rb
:408:in `save'
/usr/lib/ruby/1.8/samizdat/controllers/message_controller.rb
:165:in `edit'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:76:in
`send'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:76:in
`render'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:120:in
`dispatch'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:117:in
`catch'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:117:in
`dispatch'
/usr/lib/ruby/1.8/samizdat/engine/dispatcher.rb:130:in
`run'
/usr/share/samizdat/cgi-bin/dispatch.rb:23
/usr/lib/ruby/1.8/apache/ruby-run.rb:53:in `load'
/usr/lib/ruby/1.8/apache/ruby-run.rb:53:in `handler'

The error message is correct: two files now exist in
content/ :
user/upload.png  # new file
guest/3099.png   # old file was renamed from 3098.png to
3099.png

4. The resource 3098 now has no image at all - the content
reproduces
the title.



ATTEMPTED ANALYSIS - KEY LINES IN CODE:

models/content.rb:
class Content
  login
  file_path
  move_upload
  upload_filename


controllers/message_controller.rb:
def edit

     if request.has_key? 'confirm'
       check_content
       save do
         version_id = message.edit!
         old_content.move_upload(request, id,
version_id)
         message.content.move_upload(request)   # problem occurs
here
       end
       request.redirect(message.id)

############################################################
##########



_______________________________________________
samizdat-devel mailing list
samizdat-develnongnu.org
http://lists.nongnu.org/mailman/listinfo/samizdat-devel
Re: BUG (not urgent): runtime error when editing an openly editable non-text media resource of anoth
user name
 2007-05-20 07:28:55 
On 5/19/07, boud <boudriseup.net> wrote:
> Here's a bug which in principle should be corrected,
though it's only likely
> to annoy users once there is a sufficient number of
users who both like
> wiki culture for text but also wish to openly edit
others' non-text media.
>
> http
s://savannah.nongnu.org/bugs/index.php?19909

Confirmed, I will look into this. When reproducing the bug,
I also
noticed that preview page says "by guest", not
"by user", which means
that Message class fails to set creator properly.

Message publishing is core functionality in Samizdat, and
media upload
is security sensitive on top of that, so I upgraded this bug
to
important and I will try to figure it out today.

-- 
Dmitry Borodaenko


_______________________________________________
samizdat-devel mailing list
samizdat-develnongnu.org
http://lists.nongnu.org/mailman/listinfo/samizdat-devel
Re: BUG (not urgent): runtime error when editing an openly editable non-text media resource of anoth
user name
 2007-05-20 07:57:23 
On 5/20/07, Dmitry Borodaenko <angdrauggmail.com> wrote:
> On 5/19/07, boud <boudriseup.net> wrote:
> > http
s://savannah.nongnu.org/bugs/index.php?19909
> Confirmed, I will look into this. When reproducing the
bug, I also
> noticed that preview page says "by guest",
not "by user", which means
> that Message class fails to set creator properly.

The fix is simple and obvious:

--- lib/samizdat/controllers/message_controller.rb
3e4f5ea3e7a6cb63ce0b2b8929f0825023d1b978
+++ lib/samizdat/controllers/message_controller.rb
0f2485144a2a0fbc72fef7603c89b43cf1d2503f
 -156,6
+156,7  class MessageController < Controller
     end
     message.assert_current_version

+    set_creator
     set_content
     set_lang(message.lang)
     set_desc

-- 
Dmitry Borodaenko


_______________________________________________
samizdat-devel mailing list
samizdat-develnongnu.org
http://lists.nongnu.org/mailman/listinfo/samizdat-devel
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )