[SAC] osgeo.org problems

Harrison Grundy harrison.grundy at astrodoggroup.com
Thu Jun 4 15:31:07 PDT 2015


On 6/4/2015 5:07 PM, Martin Spott wrote:
> Hi Jorge,
>
> On Thu, Jun 04, 2015 at 02:50:09PM +0200, Jorge Sanz wrote:
>
>> Jeff, Alex, I was going to send this to SAC but I'm not sure to make
>> this public, you'll better know what to do with this information,
>> maybe it's nothing but I'm a little bit alarmed, yes. At this time I
>> can only access the website as a logged user and only to admin pages,
>> normal node pages have the redirect loop problem. I tried this on
>> Chrome, Firefox and Safari.
> Note that I don't distrust your expertise, but unfortunately this is
> difficult to reproduce.  Maybe we need to compile a list of browsers
> and platforms in order to find out which ones are ok and which ones
> aren't. Let me have a simple start:
>
> ***** worksforme (HTTP and HTTPS, anonymous and logged in) *****
> Firefox 38 on FreeBSD 10
> Firefox 31 on Mac OS X 10.10
> Safari 8 on Mac OS X 10.10
>
>
> ***** failed to connect *****
> <add yours>
>
>
> Are you sure you checked *after* Tue, 2 Jun 2015 ?
>
>> I've just removed a bunch of pages from the website. They had php code
>> tags with nonsense code to me and were created by the admin user
>> along with a content type (see screenshot).
>>
>> I've disabled the PHP input format and have no idea if this is related
>> to the redirects loop event but certainly I'm worried.
>>
>> Has anyone created this content type and entries?
> No idea, but I'm aware that the main web site is in bad state: We're
> using Drupal and PHP versions which are known to be unsafe.  We can't
> update PHP because the site is using custom PHP code for the service
> providers inventory which fails on modern PHP versions and, on the
> other hand, we can't update Drupal because it would require a modern
> PHP version.
>
> Thus, by upgrading PHP we'll break the service providers, by updating
> Drupal we'll break most of the site.  Updating PHP *and* Drupal (which
> would be essential from a security point of view) is guaranteed to
> break everything  :-)
> As far as I understand the most advisable approach to escape this lock
> is to find a maintainer for the service providers PHP code.
>
Is there a copy of the existing code posted somewhere people could take 
a look at?

--- Harrison


