[MGNLADMLEG-15] Log viewer list files but did not display logfiles if symlinks are used Created: 25/Jun/13 Updated: 08/Jul/13 Resolved: 25/Jun/13 |
|
| Status: | Closed |
| Project: | Admininterface Legacy 4.x (closed) |
| Component/s: | None |
| Affects Version/s: | 5.0 |
| Fix Version/s: | 5.0.1 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Roman Kovařík | Assignee: | Roman Kovařík |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Template: |
|
||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||
| Date of First Response: | |||||||||||||
| Description |
|
Before displaying the logfile in log viewer the canonical path of the log file is checked, that the logfile is located in the logs folder. But if you use symlink the canonical path is always different of the log folder path and so the log files are not displayed. I think the method isValidPath in info.magnolia.module.admininterface.pages.LogViewerPage is buggy in this use case and furthermore needless in my point of view. |
| Comments |
| Comment by Magnolia International [ 04/Jul/13 ] |
|
Doesn't this re-introduce the problem of MAGNOLIA-4646 ? I didn't look at the fix - but 1) i'm not sure why symlinks are a problem if you compare both canonical path of file and logs folder 2) in many apps (ie apache httpd for ex), following sym links is considered a security risk |
| Comment by Jan Haderka [ 08/Jul/13 ] |
|
The fix is to convert configured log directory to canonical path as well and then compare two canonical paths. If admin configured path to point sym linked directory, this is by choice, not by accident. We still keep fix from MAGNOLIA-4646 intact by enforcing canonical path check on the files that are requested. |