New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

html tags are displayed in permission error message #12300

Open
Findus23 opened this Issue Nov 26, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@Findus23
Copy link
Member

Findus23 commented Nov 26, 2017

related to #10369

I tried to update a plugin but forgot to change the owner of the folder back to ẁww-data before, so Piwik couldn't create a file.
But the error message isn't displayed correctly:
grafik

<div id="notificationContainer">
    <div style="display:none" data-role="notification" data-id="CorePluginsAdmin_InstallPlugin" data-type="persistent"
         data-title="" data-noclear="0" data-context="error" data-raw="">Error while creating/copying file to &lt;code&gt;/var/www/piwik/plugins//ActivityLog/Widgets/GetActivityLog.php&lt;/code&gt;.
        &lt;br /&gt;Please check that the web server has enough permission to write to these files/directories:&lt;br /&gt;For
        example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:&lt;br /&gt;
        &lt;code&gt;chown -R www-data:www-data /var/www/piwik&lt;/code&gt;&lt;br /&gt;&lt;code&gt;chmod -R 0755
        /var/www/piwik&lt;/code&gt;&lt;br /&gt;
    </div>
</div>
@sgiehl

This comment has been minimized.

Copy link
Member

sgiehl commented Nov 26, 2017

Not sure but maybe this would fix it:

diff --git a/core/Filesystem.php b/core/Filesystem.php
index 7fbd63b..f1a2a8a 100644
--- a/core/Filesystem.php
+++ b/core/Filesystem.php
@@ -10,6 +10,7 @@ namespace Piwik;
 
 use Exception;
 use Piwik\Container\StaticContainer;
+use Piwik\Exception\MissingFilePermissionException;
 use Piwik\Plugins\Installation\ServerFilesGenerator;
 use Piwik\Tracker\Cache as TrackerCache;
 use Piwik\Cache as PiwikCache;
@@ -502,7 +503,9 @@ class Filesystem
             if (!@copy($source, $dest)) {
                 $message = "Error while creating/copying file to <code>$dest</code>. <br />"
                     . Filechecks::getErrorMessageMissingPermissions(self::getPathToPiwikRoot());
-                throw new Exception($message);
+                $exception = new MissingFilePermissionException($message);
+                $exception->setIsHtmlMessage();
+                throw $exception;
             }
         }
@Findus23

This comment has been minimized.

Copy link
Member Author

Findus23 commented Feb 11, 2018

I tried this out (by adding a failing copy to a plugins Systemsettings init) and while this fixes the error when it appears via HTML
grafik
it doesn't work on the SystemSettings page:
grafik

The request to http://localhost/piwik/index.php?date=today&format=JSON2&idSite=1&method=CorePluginsAdmin.getSystemSettings&module=API&period=month returns:

{
   "result":"error",
   "message":"Error while creating\/copying file to &lt;code&gt;dsfdsf&lt;\/code&gt;. &lt;br \/&gt;Please check that the web server has enough permission to write to these files\/directories:&lt;br \/&gt;For example, on a GNU\/Linux server if your Apache httpd user is www-data, you can try to execute:&lt;br \/&gt;&lt;code&gt;chown -R www-data:www-data \/home\/lukas\/public_html\/piwik&lt;\/code&gt;&lt;br \/&gt;&lt;code&gt;chmod -R 0755 \/home\/lukas\/public_html\/piwik&lt;\/code&gt;&lt;br \/&gt;"
}

In addition the notification disappears after a few seconds.

Pushed change to https://github.com/matomo-org/matomo/tree/escape-copy-permission-error

@sgiehl

This comment has been minimized.

Copy link
Member

sgiehl commented Feb 12, 2018

The JavaScript currently directly uses the response from API to create the notification in https://github.com/matomo-org/matomo/blob/3.x-dev/plugins/CoreHome/angularjs/common/services/piwik-api.js#L63-L77
We either would need to decode it in JS at that point, or don't send it encoded from PHP. But guess there was a good reason for encoding the PHP response

@mattab mattab added this to the 3.9.0 milestone Nov 13, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment