[Mapbender-users] Cannot change application security permissions after mapbender update

david.patzke at wheregroup.com david.patzke at wheregroup.com
Fri Jun 18 01:21:49 PDT 2021


Hi Joel,

 

you have two options. First, you could edit the file app_dev.php with a shell-based editor like vi or nano and temporarily remove lines 12-18:

if (isset($_SERVER['HTTP_CLIENT_IP'])
   || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
   || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
) {
   header('HTTP/1.0 403 Forbidden');
   exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}

Then you can open the dev controller from everywhere. Please be advised that this is a huge security risk, because error pages in this mode will leak sensitive information! So you have to re-enable this security feature afterwards! The second option would be to tunnel the HTTP port of your server to your local machine via SSH. Then you can open the application from your machine.

 

Best regards David
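
How the guard quoted above treats different kinds of request, as an added example that is not part of the original message or of Mapbender's code. The function restates the condition from app_dev.php; the function name, labels, addresses and the ssh port/user/host in the comment are constructed for illustration. It shows why a request that arrives through an SSH local port forward passes the check with the guard left in place.

```php
<?php
// Added example: the app_dev.php guard as a function, evaluated against
// constructed request data. Nothing here is taken from a real server.

/** Returns true when the guard would let the request reach the dev controller. */
function devControllerAllowed(array $server): bool
{
    $loopback = array('127.0.0.1', 'fe80::1', '::1');
    $remote = $server['REMOTE_ADDR'] ?? null;

    $blocked = isset($server['HTTP_CLIENT_IP'])
        || isset($server['HTTP_X_FORWARDED_FOR'])
        || !in_array($remote, $loopback, true);

    return !$blocked;
}

// Constructed samples; 203.0.113.10 is a documentation address.
$requests = array(
    'browser on the server itself' => array(
        'REMOTE_ADDR' => '127.0.0.1',
    ),
    'direct request from another machine' => array(
        'REMOTE_ADDR' => '203.0.113.10',
    ),
    // e.g. ssh -L 8080:localhost:80 user@server (placeholder port, user, host):
    // sshd on the server opens the connection to port 80, so the web server
    // sees a loopback client and no forwarding headers.
    'request through an SSH local forward' => array(
        'REMOTE_ADDR' => '127.0.0.1',
    ),
    // A proxy on the same host connects from loopback, but the forwarding
    // header it adds is enough for the guard to refuse the request.
    'request relayed by a local reverse proxy' => array(
        'REMOTE_ADDR' => '127.0.0.1',
        'HTTP_X_FORWARDED_FOR' => '203.0.113.10',
    ),
);

foreach ($requests as $label => $server) {
    $verdict = devControllerAllowed($server) ? 'allowed' : '403 Forbidden';
    printf("%-42s %s\n", $label, $verdict);
}
```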

From: Mapbender_users <mapbender_users-bounces at lists.osgeo.org> On Behalf Of Joel Blizzard
Sent: Thursday, June 17, 2021 11:38 PM
To: astrid.emde at wheregroup.com; Mapbender User List <mapbender_users at lists.osgeo.org>
Subject: Re: [Mapbender-users] Cannot change application security permissions after mapbender update

 

Did you try doing an install and then an upgrade?

 

php version is PHP 7.2.24-0ubuntu0.18.04.7

 

Unfortunately I cannot run dev mode, as this is running on a cloud hosted server that I do not have a GUI on. Is there a way to run it from a system other than localhost?

I looked in the documentation and it says " Symfony offers a developer mode with lot of information about your application (logging, exceptions, database queries, memory usage, time and more). This mode is only available from localhost."

 

On Thu, Jun 17, 2021 at 1:07 AM Astrid Emde (WhereGroup) <astrid.emde at wheregroup.com> wrote:

Hello Joel,

I can not reproduce the error. Everything works fine at my installation.

Did you try the app_dev.php mode too?

What is your php version?

Astrid

On 2021-06-14 22:08, Joel Blizzard wrote:
> In upgrading from Mapbender 3.2.3 to 3.2.5 I no longer have the
> ability to adjust security settings on the applications I've created.
> 
> So if I go into an application, and go to the "Security" tab, if I try
> to remove public access, or add a user to the list, or make any kind
> of change to existing permissions for an application, when I click
> Save, I get an internal 500 error.
> 
> When I look at my logs on the server, I see this error:
> 
>  [php7:notice] [pid 4589] [client <IPaddress>:63695] PHP Notice:
> Undefined offset: 2 in
> /var/www/mapbender/vendor/symfony/security-acl/Dbal/MutableAclProvider.php
> on line 981
> 
> That is referring to this section of MutableAclProvider.php:
> Line 981 is the one that says "$ace = $old[$i]"
> 
> private function updateOldFieldAceProperty($name, array $changes)
>     {
>         $currentIds = array();
>         foreach ($changes[1] as $field => $new) {
>             for ($i = 0, $c = count($new); $i < $c; ++$i) {
>                 $ace = $new[$i];
> 
>                 if (null !== $ace->getId()) {
>                     $currentIds[$ace->getId()] = true;
>                 }
>             }
>         }
> 
>         foreach ($changes[0] as $old) {
>             for ($i = 0, $c = count($old); $i < $c; ++$i) {
>                 $ace = $old[$i];
> 
>                 if (!isset($currentIds[$ace->getId()])) {
>                     $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
>                     unset($this->loadedAces[$ace->getId()]);
>                 }
>             }
>         }
>     }
> 
> Can anyone assist me in figuring out what's gone wrong here?
> 
> Thank you!
> _______________________________________________
> Mapbender_users mailing list
> Mapbender_users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapbender_users

-- 
Best regards

Astrid Emde
GIS-Consultant
