Modify

Opened 8 years ago

Closed 7 years ago

#5247 closed defect (fixed)

[patch] Stack trace escapes to user when htdigest file is not writeable

Reported by: reallifesim@… Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: minor Keywords: needinfo htpasswd file
Cc: Trac Release: 0.11

Description

The set_password api function can throw a TracError that web_ui._create_user fails to check for.

This will happen if the HtDigest file used for authentication is not writable by the apache user.

Attached patch with a fix.

Attachments (1)

acctmgr_exception.patch (181 bytes) - added by reallifesim@… 8 years ago.
patch for web_ui.py

Download all attachments as: .zip

Change History (5)

Changed 8 years ago by reallifesim@…

Attachment: acctmgr_exception.patch added

patch for web_ui.py

comment:1 Changed 8 years ago by anonymous

Hmm, that patch seems to be empty/unreadable. Here it is inline:

70c70,74 < mgr.set_password(user, password) ---

try:

mgr.set_password(user, password)

except TracError, e:

e.acctmgr = acctmgr raise e

It's against web_ui.py

comment:2 Changed 7 years ago by Steffen Hoffmann

Keywords: htpasswd file added
Owner: changed from Matt Good to Steffen Hoffmann
Summary: Stack trace escapes to user when htdigest file is not writeable[patch] Stack trace escapes to user when htdigest file is not writeable

Actually there is just an issue with parsing certain diff files by the internal viewer. However I doubt that this will be an problem, as soon as #4276 get's fixed. And this will be really soon. The extra code shouldn't be needed then.

comment:3 Changed 7 years ago by Steffen Hoffmann

Keywords: needinfo added

Could you please check trunk code, if this issue persists after [9272]?

We should get a proper error already at the time of opening the file for writing (in htfile.py, lin1 149), so this should be obsolete by now. Correct?

comment:4 Changed 7 years ago by Steffen Hoffmann

Resolution: fixed
Status: newclosed

(In [9347]) AccountManagerPlugin: Improve error handling when writing to password files, closes #4040 and #5247, refs #6803.

Some messages without i18n markup were found while examining the code, so corresponding additions and updates to message catalogs are included as well.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.