[MGNLADMLEG-15] Log viewer list files but did not display logfiles if symlinks are used Created: 25/Jun/13  Updated: 08/Jul/13  Resolved: 25/Jun/13

Status: Closed
Project: Admininterface Legacy 4.x (closed)
Component/s: None
Affects Version/s: 5.0
Fix Version/s: 5.0.1

Type: Improvement Priority: Neutral
Reporter: Roman Kovařík Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-5105 Log viewer list files but did not dis... Closed
causality
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Before displaying the logfile in log viewer the canonical path of the log file is checked, that the logfile is located in the logs folder. But if you use symlink the canonical path is always different of the log folder path and so the log files are not displayed.

I think the method isValidPath in info.magnolia.module.admininterface.pages.LogViewerPage is buggy in this use case and furthermore needless in my point of view.



 Comments   
Comment by Magnolia International [ 04/Jul/13 ]

Doesn't this re-introduce the problem of MAGNOLIA-4646 ? I didn't look at the fix - but 1) i'm not sure why symlinks are a problem if you compare both canonical path of file and logs folder 2) in many apps (ie apache httpd for ex), following sym links is considered a security risk

Comment by Jan Haderka [ 08/Jul/13 ]

The fix is to convert configured log directory to canonical path as well and then compare two canonical paths. If admin configured path to point sym linked directory, this is by choice, not by accident. We still keep fix from MAGNOLIA-4646 intact by enforcing canonical path check on the files that are requested.

Generated at Sun Feb 11 23:08:45 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.