subject:"Bug#1042824\: Logging into SLBackup frontend returns error"

Bug#1042824: Logging into SLBackup frontend returns error

2023-08-02 Thread Guido Berhoerster

There are actually two critical problems causing logins to fail:

1. usage of crypt() without a salt (not actually used for passwords
   but as a hash function for some homemade encryption, see
   
https://salsa.debian.org/debian-edu-pkg-team/slbackup-php/-/blob/8eb0d468422cb3e06eed0092643d1bb4082f9b1c/src/index.php#L698)
2. a typo where the key is switched with the value while looping over
   an associative array which causes an exception with PHP 8 since 
   the key is a string accessed as an associative array (see
   
https://salsa.debian.org/debian-edu-pkg-team/slbackup-php/-/blob/8eb0d468422cb3e06eed0092643d1bb4082f9b1c/src/index.php#L48)

-- 
Guido Berhoerster

Bug#1042824: Logging into SLBackup frontend returns error

2023-08-01 Thread Guido Berhoerster

Package: slbackup-php
Version: 0.4.5-4


When logging into https://www/slbackup-php/ (after enabling password
login for root) on DebianEdu the server returns HTTP error 500.

The following is logged in error.log:

[Tue Aug 01 14:37:40.377047 2023] [php:error] [pid 508014] [client 
10.0.2.2:47888] PHP Fatal error:  Uncaught ArgumentCountError: crypt() expects 
exactly 2 arguments, 1 given in 
/usr/share/slbackup-php/web/index.php:698\nStack trace:\n#0 
/usr/share/slbackup-php/web/index.php(698): crypt()\n#1 {main}\n  thrown in 
/usr/share/slbackup-php/web/index.php on line 698, referer: 
https://www/slbackup-php/index.php

-- 
Guido Berhoerster

Bug#1042824: Logging into SLBackup frontend returns error

Bug#1042824: Logging into SLBackup frontend returns error

2 matches

Site Navigation

Mail list logo

Footer information