Modify

Opened 6 years ago

Closed 4 years ago

#5247 closed defect (fixed)

[patch] Stack trace escapes to user when htdigest file is not writeable

Reported by: reallifesim@… Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: minor Keywords: needinfo htpasswd file
Cc: Trac Release: 0.11

Description

The set_password api function can throw a TracError that web_ui._create_user fails to check for.

This will happen if the HtDigest file used for authentication is not writable by the apache user.

Attached patch with a fix.

Attachments (1)

acctmgr_exception.patch (181 bytes) - added by reallifesim@… 6 years ago.
patch for web_ui.py

Download all attachments as: .zip

Change History (5)

Changed 6 years ago by reallifesim@…

patch for web_ui.py

comment:1 Changed 6 years ago by anonymous

Hmm, that patch seems to be empty/unreadable. Here it is inline:

70c70,74 < mgr.set_password(user, password) ---

try:

mgr.set_password(user, password)

except TracError, e:

e.acctmgr = acctmgr raise e

It's against web_ui.py

comment:2 Changed 4 years ago by hasienda

  • Keywords htpasswd file added
  • Owner changed from mgood to hasienda
  • Summary changed from Stack trace escapes to user when htdigest file is not writeable to [patch] Stack trace escapes to user when htdigest file is not writeable

Actually there is just an issue with parsing certain diff files by the internal viewer. However I doubt that this will be an problem, as soon as #4276 get's fixed. And this will be really soon. The extra code shouldn't be needed then.

comment:3 Changed 4 years ago by hasienda

  • Keywords needinfo added

Could you please check trunk code, if this issue persists after [9272]?

We should get a proper error already at the time of opening the file for writing (in htfile.py, lin1 149), so this should be obsolete by now. Correct?

comment:4 Changed 4 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [9347]) AccountManagerPlugin: Improve error handling when writing to password files, closes #4040 and #5247, refs #6803.

Some messages without i18n markup were found while examining the code, so corresponding additions and updates to message catalogs are included as well.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.