From irc channel, today.
Summary (full log below):
tiki-assignpermission.php in tiki 3.x seems to send the whole bunch of permissions for a group in the POST variable to the server, even if you just assign 1 new perm. And the suhosin patch for apache seems to restrict the size of the POST, so that it gets truncated at some point, before reaching the new permission/s to be assigned
that was for group "admin", which includes (inherits) many many perms from the lower level groups
workaround: filter first for a section (wiki, in my case), so that the list of perms is reduced to a smaller number. Assign the perms related to plugins, and then it works with no problem
Moreover, there seemed to be a problem with mod security (with the standard rules coming to Debian based servers), which was causing error 403 with that tiki-assignpermission.php .... once the sys admin disabled modsecurity for our site, tiki-assignpermissions.php worked as expected with the workaround described above
wtf*, there is something weird with tiki-assignpermission.php in tiki 3.3... ... I try to grant the 3 perms related to plugins to the group "Admins" (they have tiki_p_admin also already), and I get: You don't have permission to access /tiki-assignpermission.php on this server. (with a scary apache white page) I mean a 403 Forbidden page from apache to me that there is something wrong in the LTS for assigning permissions... [11:31] xavi aha, after conversation with sys admin in that server, I got the source of the problem, and workaround :-) tiki-assignpermission.php in tiki 3.x seems to send the whole bunch of permissions for a group in the POST variable to the server, even if you just assign 1 new perm. And the suhosin patch for apache seems to restrict the size of the POST, so that it gets truncated at some point, before reaching the new permission/s to be assigned [12:02] xavi that was for group "admin", which includes (inherits) many many perms from the lower level groups ok, workaround: filter first for a section (wiki, in my case), so that the list of perms is reduced to a smaller number. Assign the perms related to plugins, and then it works with no problem Moreover, there seemed to be a problem with mod security (with the standard rules coming to Debian based servers), which was causing error 403 with that tiki-assignpermission.php .... once the sys admin disabled modsecurity for our site, tiki-assignpermissions.php worked as expected with the workaround described above [12:02] marclaporte will you report the bug to suhosin? [12:09] xavi hi marclaporte, it might very well be not a bug, but a conflict between the size of the post that tiki sends, and the size of the variable allowed by default values by suhosin in apache, which (as far as I've been told) it's customizable.... [12:12] marclaporte ok [12:12] xavi so the chances that they will not consider it a bug are high (maybe similar for tiki, which wouldn't be considered a bug, but some "bad luck" of using such a long default list of perms) [12:13] marclaporte so nobody's "fault" but it's doesn't work [12:15] xavi btw, thanks for message introducing to the author of jquery spreadsheet... "it doesn't work": well, it does, if you filter the long list of perms for a section first or if you moun your sys admin to find out how to increase that default size in suhosin [12:15]
workaround: filter first for a section (wiki, in my case), so that the list of perms is reduced to a smaller number. Assign the perms related to plugins, and then it works with no problem
Moreover, there seemed to be a problem with mod security (with the standard rules coming to Debian based servers), which was causing error 403 with that tiki-assignpermission.php .... once the sys admin disabled modsecurity for our site, tiki-assignpermissions.php worked as expected with the workaround described above
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.
filename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |